Action not permitted
Modal body text goes here.
cve-2018-8088
Vulnerability from cvelistv5
Published
2018-03-20 00:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:46:12.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:1448", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "name": "1040627", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040627" }, { "name": "RHSA-2018:1449", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "tags": [ "x_transferred" ], "url": "https://jira.qos.ch/browse/SLF4J-431" }, { "name": "RHSA-2018:1248", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1248" }, { "name": "RHSA-2018:1251", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1251" }, { "name": "RHSA-2018:2143", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2143" }, { "name": "RHSA-2018:1450", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "name": "RHSA-2018:2669", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "name": "RHSA-2018:1323", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1323" }, { "name": "RHSA-2018:2420", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2420" }, { "name": "RHSA-2018:0630", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0630" }, { "name": "RHSA-2018:1525", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "name": "RHSA-2018:1575", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1575" }, { "name": "RHSA-2018:1451", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "name": "RHSA-2018:0629", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0629" }, { "name": "RHSA-2018:0628", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0628" }, { "name": "RHSA-2018:0582", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0582" }, { "name": "103737", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103737" }, { "name": "RHSA-2018:2419", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2419" }, { "name": "RHSA-2018:1447", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "name": "RHSA-2018:1247", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1247" }, { "name": "RHSA-2018:0627", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0627" }, { "name": "RHSA-2018:2930", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2930" }, { "name": "RHSA-2018:1249", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1249" }, { "name": "RHSA-2018:0592", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0592" }, { "name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E" }, { "name": "[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E" }, { "name": "RHSA-2019:2413", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { "name": "RHSA-2019:3140", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_transferred" ], "url": "https://jira.qos.ch/browse/SLF4J-430" }, { "tags": [ "x_transferred" ], "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405" }, { "name": "[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-commits] 20200824 [hadoop] branch branch-3.3 updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088)", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-commits] 20200824 [hadoop] branch trunk updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "name": "[logging-notifications] 20200825 [jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E" }, { "name": "[iotdb-notifications] 20210325 [jira] [Created] (IOTDB-1258) jcl-over-slf4j have Security Vulnerabilities CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 closed pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[zookeeper-issues] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210327 [jira] [Updated] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210328 [jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[iotdb-reviews] 20210328 [GitHub] [iotdb] HTHou merged pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210328 [iotdb] branch master updated: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 (#2906)", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E" }, { "name": "[flink-dev] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E" }, { "name": "[flink-issues] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210721 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210725 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_transferred" ], "url": "https://www.slf4j.org/news.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231227-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-27T15:06:37.054657", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:1448", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "name": "1040627", "tags": [ "vdb-entry" ], "url": "http://www.securitytracker.com/id/1040627" }, { "name": "RHSA-2018:1449", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "url": "https://jira.qos.ch/browse/SLF4J-431" }, { "name": "RHSA-2018:1248", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1248" }, { "name": "RHSA-2018:1251", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1251" }, { "name": "RHSA-2018:2143", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2143" }, { "name": "RHSA-2018:1450", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "name": "RHSA-2018:2669", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "name": "RHSA-2018:1323", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1323" }, { "name": "RHSA-2018:2420", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2420" }, { "name": "RHSA-2018:0630", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0630" }, { "name": "RHSA-2018:1525", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "name": "RHSA-2018:1575", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1575" }, { "name": "RHSA-2018:1451", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "name": "RHSA-2018:0629", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0629" }, { "name": "RHSA-2018:0628", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0628" }, { "name": "RHSA-2018:0582", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0582" }, { "name": "103737", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/103737" }, { "name": "RHSA-2018:2419", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2419" }, { "name": "RHSA-2018:1447", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "name": "RHSA-2018:1247", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1247" }, { "name": "RHSA-2018:0627", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0627" }, { "name": "RHSA-2018:2930", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2930" }, { "name": "RHSA-2018:1249", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1249" }, { "name": "RHSA-2018:0592", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0592" }, { "name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E" }, { "name": "[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E" }, { "name": "RHSA-2019:2413", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { "name": "RHSA-2019:3140", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "url": "https://jira.qos.ch/browse/SLF4J-430" }, { "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405" }, { "name": "[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-commits] 20200824 [hadoop] branch branch-3.3 updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088)", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-commits] 20200824 [hadoop] branch trunk updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "name": "[logging-notifications] 20200825 [jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E" }, { "name": "[iotdb-notifications] 20210325 [jira] [Created] (IOTDB-1258) jcl-over-slf4j have Security Vulnerabilities CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 closed pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[zookeeper-issues] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210327 [jira] [Updated] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210328 [jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[iotdb-reviews] 20210328 [GitHub] [iotdb] HTHou merged pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210328 [iotdb] branch master updated: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 (#2906)", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E" }, { "name": "[flink-dev] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E" }, { "name": "[flink-issues] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210721 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210725 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "url": "https://www.slf4j.org/news.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231227-0010/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8088", "datePublished": "2018-03-20T00:00:00", "dateReserved": "2018-03-13T00:00:00", "dateUpdated": "2024-08-05T06:46:12.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-8088\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-03-20T16:29:00.547\",\"lastModified\":\"2024-11-21T04:13:14.380\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.\"},{\"lang\":\"es\",\"value\":\"org.slf4j.ext.EventData en el m\u00f3dulo slf4j-ext en QOS.CH SLF4J antes de la versi\u00f3n 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a trav\u00e9s de datos manipulados. EventData en el m\u00f3dulo slf4j-ext en QOS.CH SLF4J, ha sido corregido en las versiones 1.7.26 posteriores de SLF4J y en la serie 2.0.x\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qos:slf4j:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.26\",\"matchCriteriaId\":\"D42F1233-D2BD-4CF0-94F9-8BE35346BC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qos:slf4j:1.8.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"53E5592F-9FFB-4ABE-82B9-D6A130359C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qos:slf4j:1.8.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E52584-4E04-40CE-AD6D-7D2B9A97DF2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qos:slf4j:1.8.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EA01C6A-4A37-436E-939E-A4C6E29D0F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qos:slf4j:1.8.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA0E73F4-0197-422E-B454-A6090BD1D911\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7117F117-D439-45EB-BB95-397E5E52C9BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1ABA871-3271-48E2-A69C-5AD70AF94E53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F96E3779-F56A-45FF-BB3D-4980527D721E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5F7E11E-FB34-4467-8919-2B6BEAABF665\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6F259E6-10A8-4207-8FC2-85ABD70B04C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.1.0.0.1\",\"matchCriteriaId\":\"F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5435B365-BFF3-4A9E-B45C-42D8F1E20FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7715FC4-631E-462D-AD59-F44235C19837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2224F133-2D7D-4F3A-995A-31599C579ADB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA3D0BC5-109D-4405-8566-3C91A20EA3A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5BBA303-8D2B-48C5-B52A-4E192166699C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103737\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040627\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0582\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0592\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0627\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0628\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0629\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0630\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1247\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1248\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1251\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1323\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1447\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1448\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1449\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1450\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1451\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1525\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1575\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2143\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2419\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2420\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2669\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2930\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2413\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3140\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.qos.ch/browse/SLF4J-430\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://jira.qos.ch/browse/SLF4J-431\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231227-0010/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.slf4j.org/news.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/103737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0582\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1447\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1575\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2419\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.qos.ch/browse/SLF4J-430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://jira.qos.ch/browse/SLF4J-431\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231227-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.slf4j.org/news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2018_1247
Vulnerability from csaf_redhat
Published
2018-04-25 18:21
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.2 for RHEL 7
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)
* wildfly-undertow: undertow: Path traversal in ServletResourceManager class
(CVE-2018-1047)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
Red Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)\n\n* wildfly-undertow: undertow: Path traversal in ServletResourceManager class\n(CVE-2018-1047)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nRed Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1247", "url": "https://access.redhat.com/errata/RHSA-2018:1247" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/" }, { "category": "external", "summary": "1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "JBEAP-14136", "url": "https://issues.redhat.com/browse/JBEAP-14136" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1247.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.2 for RHEL 7", "tracking": { "current_release_date": "2024-11-25T12:10:07+00:00", "generator": { "date": "2024-11-25T12:10:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:1247", "initial_release_date": "2018-04-25T18:21:36+00:00", "revision_history": [ { "date": "2018-04-25T18:21:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-25T18:21:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.4-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "product_id": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-5.SP5_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.2_spec@2.2.13-5.SP2_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.5-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-2.2-api@2.4.0-3.SP2_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.9-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.0.6-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups@3.6.14-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.10-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@8.2.10-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.9-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@2.4.7-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src", "product_id": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.16-2.Final_redhat_1.2.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "product_id": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.13-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "product_id": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "product_id": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "product": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "product_id": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.010-1.redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.2-1.GA_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "product": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "product_id": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.2-1.GA_redhat_1.1.ep7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-5.SP5_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.2_spec@2.2.13-5.SP2_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.5-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-2.2-api@2.4.0-3.SP2_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.8-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.9-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.0.6-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups@3.6.14-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@8.2.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@8.2.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@8.2.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@8.2.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@8.2.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@8.2.10-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.9-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@2.4.7-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@2.4.7-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@2.4.7-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@2.4.7-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "product_id": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.16-2.Final_redhat_1.2.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.1.13-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.1.13-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.13-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.1.13-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.1.13-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.1.13-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.0.4-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-11.SP10_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_id": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.5.5.010-1.redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.2-1.GA_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.2-1.GA_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product_id": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.2-1.GA_redhat_1.1.ep7.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1047", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528361" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was discovered in Undertow\u0027s org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Path traversal in ServletResourceManager class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1047" }, { "category": "external", "summary": "RHBZ#1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1047", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047" } ], "release_date": "2017-12-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:21:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1247" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Path traversal in ServletResourceManager class" }, { "acknowledgments": [ { "names": [ "Ammarit Thongthua", "Nattakit Intarasorn" ], "organization": "Deloitte Thailand Pentest team" } ], "cve": "CVE-2018-1067", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2018-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1550671" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1067" }, { "category": "external", "summary": "RHBZ#1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" } ], "release_date": "2018-04-25T17:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:21:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1247" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:21:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1247" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_2930
Vulnerability from csaf_redhat
Published
2018-10-16 17:05
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.11 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Operations Network.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.3.11 release serves as a replacement for
JBoss Operations Network 3.3.10, and includes several bug fixes. Refer to
the Customer Portal page linked in the References section for information
on the most significant of these changes.
Security Fix(es):
* RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource (CVE-2018-12533)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank 0c0c0f from 360观星实验室 for reporting CVE-2017-17485 and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Operations Network.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.3.11 release serves as a replacement for\nJBoss Operations Network 3.3.10, and includes several bug fixes. Refer to\nthe Customer Portal page linked in the References section for information\non the most significant of these changes.\n\nSecurity Fix(es):\n\n* RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource (CVE-2018-12533)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485 and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2930", "url": "https://access.redhat.com/errata/RHSA-2018:2930" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3" }, { "category": "external", "summary": "1127359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127359" }, { "category": "external", "summary": "1418034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418034" }, { "category": "external", "summary": "1517717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517717" }, { "category": "external", "summary": "1522728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522728" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1540527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540527" }, { "category": "external", "summary": "1540707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540707" }, { "category": "external", "summary": "1542125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542125" }, { "category": "external", "summary": "1544424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544424" }, { "category": "external", "summary": "1545742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545742" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1559622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559622" }, { "category": "external", "summary": "1575920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575920" }, { "category": "external", "summary": "1579733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579733" }, { "category": "external", "summary": "1584490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584490" }, { "category": "external", "summary": "1594305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594305" }, { "category": "external", "summary": "1597947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597947" }, { "category": "external", "summary": "1607591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607591" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2930.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.11 security and bug fix update", "tracking": { "current_release_date": "2024-11-25T12:10:22+00:00", "generator": { "date": "2024-11-25T12:10:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2930", "initial_release_date": "2018-10-16T17:05:43+00:00", "revision_history": [ { "date": "2018-10-16T17:05:43+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-10-16T17:05:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Operations Network 3.3", "product": { "name": "Red Hat JBoss Operations Network 3.3", "product_id": "Red Hat JBoss Operations Network 3.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_operations_network:3.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Operations Network" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4" ] } ], "cve": "CVE-2017-17485", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528565" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Operations Network 3.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-17485" }, { "category": "external", "summary": "RHBZ#1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-17485", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-16T17:05:43+00:00", "details": "Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server\u0027s file system directory, and so on).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Operations Network 3.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2930" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Operations Network 3.3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)" }, { "cve": "CVE-2018-1336", "discovery_date": "2018-07-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1607591" } ], "notes": [ { "category": "description", "text": "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: A bug in the UTF-8 decoder can lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse 6.3 and 7 standalone distributions ship but do not use tomcat, and as such are not affected by this flaw; however, Fuse Integration Services 2.0 and Fuse 7 on OpenShift provide the affected artifacts via their respective maven repositories, and will provide fixes for this issue in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Operations Network 3.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1336" }, { "category": "external", "summary": "RHBZ#1607591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1607591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1336", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1336" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1336", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1336" } ], "release_date": "2018-07-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-16T17:05:43+00:00", "details": "Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server\u0027s file system directory, and so on).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Operations Network 3.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2930" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Operations Network 3.3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat: A bug in the UTF-8 decoder can lead to DoS" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Operations Network 3.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-16T17:05:43+00:00", "details": "Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server\u0027s file system directory, and so on).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Operations Network 3.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2930" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Operations Network 3.3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" }, { "cve": "CVE-2018-12533", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2018-05-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1584490" } ], "notes": [ { "category": "description", "text": "JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.", "title": "Vulnerability description" }, { "category": "summary", "text": "RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Operations Network 3.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12533" }, { "category": "external", "summary": "RHBZ#1584490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584490" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12533", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12533" }, { "category": "external", "summary": "https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html", "url": "https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html" } ], "release_date": "2018-05-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-16T17:05:43+00:00", "details": "Before applying this update, back up your existing JBoss Operations Network installation (including its databases, applications, configuration files, the JBoss Operations Network server\u0027s file system directory, and so on).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Operations Network 3.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2930" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Operations Network 3.3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource" } ] }
rhsa-2018_2143
Vulnerability from csaf_redhat
Published
2018-07-05 15:28
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat Decision Manager 7.0.1 bug fix and security update
Notes
Topic
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This release of Red Hat Decision Manager 7.0.1 serves as an update to Red Hat Decision Manager 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088 and Mikhail Egorov (Odin) for reporting CVE-2016-6346.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Decision Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model \u0026 Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.0.1 serves as an update to Red Hat Decision Manager 7.0.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088 and Mikhail Egorov (Odin) for reporting CVE-2016-6346.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2143", "url": "https://access.redhat.com/errata/RHSA-2018:2143" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.0.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhdm\u0026version=7.0.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en/red_hat_decision_manager/7.0/", "url": "https://access.redhat.com/documentation/en/red_hat_decision_manager/7.0/" }, { "category": "external", "summary": "1372120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2143.json" } ], "title": "Red Hat Security Advisory: Red Hat Decision Manager 7.0.1 bug fix and security update", "tracking": { "current_release_date": "2024-11-25T12:10:58+00:00", "generator": { "date": "2024-11-25T12:10:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2143", "initial_release_date": "2018-07-05T15:28:15+00:00", "revision_history": [ { "date": "2018-07-05T15:28:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-07-05T15:28:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss BRMS 7.0", "product": { "name": "Red Hat JBoss BRMS 7.0", "product_id": "Red Hat JBoss BRMS 7.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.0" } } } ], "category": "product_family", "name": "Red Hat Decision Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Mikhail Egorov" ], "organization": "Odin" } ], "cve": "CVE-2016-6346", "discovery_date": "2016-08-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1372120" } ], "notes": [ { "category": "description", "text": "It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue was fixed in EAP 7.1.0, but was not fixed in 7.0.7\nOn Red Hat Satellite 6.5 this issue is fixed through the candlepin package update (candlepin 2.5.8), which contains a non-vulnerable version of RESTEasy.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-6346" }, { "category": "external", "summary": "RHBZ#1372120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372120" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-6346", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6346" } ], "release_date": "2016-09-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-05T15:28:15+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss BRMS 7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2143" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss BRMS 7.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 7.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-07-05T15:28:15+00:00", "details": "For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss BRMS 7.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2143" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss BRMS 7.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1249
Vulnerability from csaf_redhat
Published
2018-04-25 18:33
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.1.2
Notes
Topic
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).
With this update, the eap7-jboss-ec2-eap package has been updated to ensure
compatibility with Red Hat JBoss Enterprise Application Platform 7.1.2.
Refer to the JBoss Enterprise Application Platform 7.1 Release Notes, linked to in the References section, for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix
of CVE-2016-4993) (CVE-2018-1067)
* wildfly-undertow: undertow: Path traversal in ServletResourceManager class
(CVE-2018-1047)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
Red Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.2 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the eap7-jboss-ec2-eap package has been updated to ensure\ncompatibility with Red Hat JBoss Enterprise Application Platform 7.1.2.\n\nRefer to the JBoss Enterprise Application Platform 7.1 Release Notes, linked to in the References section, for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix\nof CVE-2016-4993) (CVE-2018-1067)\n\n* wildfly-undertow: undertow: Path traversal in ServletResourceManager class\n(CVE-2018-1047)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nRed Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1249", "url": "https://access.redhat.com/errata/RHSA-2018:1249" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/" }, { "category": "external", "summary": "1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "JBEAP-14137", "url": "https://issues.redhat.com/browse/JBEAP-14137" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1249.json" } ], "title": "Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.1.2", "tracking": { "current_release_date": "2024-11-25T12:10:14+00:00", "generator": { "date": "2024-11-25T12:10:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:1249", "initial_release_date": "2018-04-25T18:33:41+00:00", "revision_history": [ { "date": "2018-04-25T18:33:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-25T18:33:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "product": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "product_id": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.1.2-1.GA_redhat_1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "product": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "product_id": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.1.2-1.GA_redhat_1.ep7.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "product": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "product_id": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.1.2-1.GA_redhat_1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "product": { "name": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "product_id": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap-samples@7.1.2-1.GA_redhat_1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "product": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "product_id": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap@7.1.2-1.GA_redhat_1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "product": { "name": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "product_id": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ec2-eap-samples@7.1.2-1.GA_redhat_1.ep7.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src" }, "product_reference": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src" }, "product_reference": "eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" }, "product_reference": "eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1047", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528361" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was discovered in Undertow\u0027s org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Path traversal in ServletResourceManager class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1047" }, { "category": "external", "summary": "RHBZ#1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1047", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047" } ], "release_date": "2017-12-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:33:41+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1249" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Path traversal in ServletResourceManager class" }, { "acknowledgments": [ { "names": [ "Ammarit Thongthua", "Nattakit Intarasorn" ], "organization": "Deloitte Thailand Pentest team" } ], "cve": "CVE-2018-1067", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2018-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1550671" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1067" }, { "category": "external", "summary": "RHBZ#1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" } ], "release_date": "2018-04-25T17:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:33:41+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1249" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:33:41+00:00", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1249" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-0:7.1.2-1.GA_redhat_1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-jboss-ec2-eap-samples-0:7.1.2-1.GA_redhat_1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2019_3140
Vulnerability from csaf_redhat
Published
2019-10-17 14:54
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update
Notes
Topic
An update is now available for Red Hat JBoss Data Virtualization.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.
This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)
* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Data Virtualization.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.\n\nThis release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)\n\n* tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)\n\n* libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)\n\n* jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3140", "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform\u0026downloadType=securityPatches\u0026version=6.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform\u0026downloadType=securityPatches\u0026version=6.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/" }, { "category": "external", "summary": "1544620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544620" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1572416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572416" }, { "category": "external", "summary": "1666415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415" }, { "category": "external", "summary": "1666418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418" }, { "category": "external", "summary": "1666482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482" }, { "category": "external", "summary": "1666484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484" }, { "category": "external", "summary": "1666489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489" }, { "category": "external", "summary": "1667188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667188" }, { "category": "external", "summary": "1671096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096" }, { "category": "external", "summary": "1671097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097" }, { "category": "external", "summary": "1677341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341" }, { "category": "external", "summary": "1715197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715197" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3140.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.4.8 security update", "tracking": { "current_release_date": "2024-11-25T12:10:33+00:00", "generator": { "date": "2024-11-25T12:10:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:3140", "initial_release_date": "2019-10-17T14:54:30+00:00", "revision_history": [ { "date": "2019-10-17T14:54:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-10-17T14:54:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Data Virtualization 6.4.8", "product": { "name": "Red Hat JBoss Data Virtualization 6.4.8", "product_id": "Red Hat JBoss Data Virtualization 6.4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Virtualization" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-5397", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2018-02-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1544620" } ], "notes": [ { "category": "description", "text": "The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", "title": "Vulnerability summary" }, { "category": "other", "text": "libthrift is a library used by OpenDaylight which is shipped with Red Hat OpenStack. Whilst the version of the library used contains the vulnerable code it is not used by OpenDaylight and hence not exposed.\n\nJBoss fuse 6.3 ships libthrift via insight-activemq fabric-8 profile, however the vulnerable code is not used by fabric-8 so fuse 6.3 is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5397" }, { "category": "external", "summary": "RHBZ#1544620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5397", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5397" } ], "release_date": "2016-07-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands" }, { "cve": "CVE-2018-1335", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2018-04-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1572416" } ], "notes": [ { "category": "description", "text": "From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.", "title": "Vulnerability description" }, { "category": "summary", "text": "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1335" }, { "category": "external", "summary": "RHBZ#1572416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572416" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1335", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1335" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1335", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1335" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E", "url": "https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" }, { "cve": "CVE-2018-11307", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1677341" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load MyBatis classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include MyBatis classes.\n\nRed Hat Fuse 6 and 7 are not directly affected by this issue, as although they do ship the vulnerable jackson-databind component, they do not enable polymorphic deserialization or default typing which are required for exploitability. Their impacts have correspondingly been reduced to Moderate. Future updates may address this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-11307" }, { "category": "external", "summary": "RHBZ#1677341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-11307", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307" } ], "release_date": "2018-05-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis" }, { "cve": "CVE-2018-11798", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2019-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1667188" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers\u0027 docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: Improper Access Control grants access to files outside the webservers docroot path", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenStack and OpenDaylight:\nThe Java implementation of thrift is used in OpenDaylight by parts of the vpnservice functionality. This flaw refers to the JavaScript (node.js) server for Thrift, which is not used or shipped with OpenDaylight or any other part of Red Hat OpenStack Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-11798" }, { "category": "external", "summary": "RHBZ#1667188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667188" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-11798", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11798" } ], "release_date": "2018-10-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thrift: Improper Access Control grants access to files outside the webservers docroot path" }, { "cve": "CVE-2018-12022", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1671097" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Jodd classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Jodd classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12022" }, { "category": "external", "summary": "RHBZ#1671097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12022", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022" } ], "release_date": "2018-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization of types from Jodd-db library" }, { "cve": "CVE-2018-12023", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1671096" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since Candlepin\u0027s java runtime environment does not load Oracle\u0027s JDBC classes.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not load Oracle\u0027s JDBC classes.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12023" }, { "category": "external", "summary": "RHBZ#1671096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671096" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12023", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12023" } ], "release_date": "2018-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver" }, { "cve": "CVE-2018-14718", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666415" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in slf4j-ext class", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle slf4j-ext jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14718" }, { "category": "external", "summary": "RHBZ#1666415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14718", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: arbitrary code execution in slf4j-ext class" }, { "cve": "CVE-2018-14719", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666418" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14719" }, { "category": "external", "summary": "RHBZ#1666418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14719", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes" }, { "cve": "CVE-2018-19360", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666482" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19360" }, { "category": "external", "summary": "RHBZ#1666482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19360", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class" }, { "cve": "CVE-2018-19361", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666484" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in openjpa class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19361" }, { "category": "external", "summary": "RHBZ#1666484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19361", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in openjpa class" }, { "cve": "CVE-2018-19362", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666489" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in jboss-common-core class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19362" }, { "category": "external", "summary": "RHBZ#1666489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19362", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in jboss-common-core class" }, { "cve": "CVE-2019-0201", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2019-05-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1715197" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.", "title": "Vulnerability description" }, { "category": "summary", "text": "zookeeper: Information disclosure in Apache ZooKeeper", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Data Virtualization 6.4.8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0201" }, { "category": "external", "summary": "RHBZ#1715197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0201", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0201" } ], "release_date": "2019-05-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-10-17T14:54:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "category": "workaround", "details": "Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [https://zookeeper.apache.org/security.html#CVE-2019-0201]", "product_ids": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Data Virtualization 6.4.8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "zookeeper: Information disclosure in Apache ZooKeeper" } ] }
rhsa-2018_1323
Vulnerability from csaf_redhat
Published
2018-05-04 14:33
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat Single Sign-On 7.2.2 security update
Notes
Topic
Red Hat Single Sign-On 7.2.2 is now available for download from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat Single Sign-On 7.2.2 serves as a replacement for Red Hat Single Sign-On 7.2.1, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Single Sign-On 7.2.2 is now available for download from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.2.2 serves as a replacement for Red Hat Single Sign-On 7.2.1, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1323", "url": "https://access.redhat.com/errata/RHSA-2018:1323" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2", "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1323.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.2.2 security update", "tracking": { "current_release_date": "2024-11-25T12:10:53+00:00", "generator": { "date": "2024-11-25T12:10:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:1323", "initial_release_date": "2018-05-04T14:33:09+00:00", "revision_history": [ { "date": "2018-05-04T14:33:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-04T14:33:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.2.2 zip", "product": { "name": "Red Hat Single Sign-On 7.2.2 zip", "product_id": "Red Hat Single Sign-On 7.2.2 zip", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.2" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.2.2 zip" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-04T14:33:09+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.2.2 zip" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1323" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Single Sign-On 7.2.2 zip" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_2420
Vulnerability from csaf_redhat
Published
2018-08-15 07:41
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss BRMS 6.4.11 security update
Notes
Topic
An update is now available for Red Hat JBoss BRMS.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules.
This release of Red Hat JBoss BRMS 6.4.11 serves as a replacement for Red Hat JBoss BRMS 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss BRMS.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules.\n\nThis release of Red Hat JBoss BRMS 6.4.11 serves as a replacement for Red Hat JBoss BRMS 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2420", "url": "https://access.redhat.com/errata/RHSA-2018:2420" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=6.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=6.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/6.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/6.4/" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2420.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss BRMS 6.4.11 security update", "tracking": { "current_release_date": "2024-11-25T12:10:11+00:00", "generator": { "date": "2024-11-25T12:10:11+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2420", "initial_release_date": "2018-08-15T07:41:58+00:00", "revision_history": [ { "date": "2018-08-15T07:41:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-15T07:41:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:11+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss BRMS 6.4", "product": { "name": "Red Hat JBoss BRMS 6.4", "product_id": "Red Hat JBoss BRMS 6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6.4" } } } ], "category": "product_family", "name": "Red Hat Decision Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T07:41:58+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss BRMS 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2420" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss BRMS 6.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_0628
Vulnerability from csaf_redhat
Published
2018-04-03 18:34
Modified
2024-11-25 12:09
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly.
This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1.
Security Fix(es):
* An XML deserialization vulnerability was discovered in slf4j's EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)
The Simple Logging Facade for Java or (SLF4J) is a simple facade for various
logging APIs allowing the end-user to plug in the desired implementation at
deployment time. SLF4J also allows for a gradual migration path away from
Jakarta Commons Logging (JCL).
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly.\n\nThis asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1.\n\nSecurity Fix(es):\n\n* An XML deserialization vulnerability was discovered in slf4j\u0027s EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)\n\nThe Simple Logging Facade for Java or (SLF4J) is a simple facade for various\nlogging APIs allowing the end-user to plug in the desired implementation at\ndeployment time. SLF4J also allows for a gradual migration path away from\nJakarta Commons Logging (JCL).\n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0628", "url": "https://access.redhat.com/errata/RHSA-2018:0628" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0628.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update", "tracking": { "current_release_date": "2024-11-25T12:09:54+00:00", "generator": { "date": "2024-11-25T12:09:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:0628", "initial_release_date": "2018-04-03T18:34:02+00:00", "revision_history": [ { "date": "2018-04-03T18:34:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-03T18:34:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:09:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src", "product": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src", "product_id": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j@1.7.22-3.redhat_2.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src", "product": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src", "product_id": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j@1.7.22-3.redhat_2.1.ep7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_id": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j@1.7.22-3.redhat_2.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product": { "name": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_id": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-api@1.7.22-3.redhat_2.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product": { "name": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_id": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jcl-over-slf4j@1.7.22-3.redhat_2.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product": { "name": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_id": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-ext@1.7.22-3.redhat_2.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_id": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j@1.7.22-3.redhat_2.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product": { "name": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_id": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-api@1.7.22-3.redhat_2.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product": { "name": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_id": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jcl-over-slf4j@1.7.22-3.redhat_2.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product": { "name": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_id": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-slf4j-ext@1.7.22-3.redhat_2.1.ep7.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch" }, "product_reference": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch" }, "product_reference": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src" }, "product_reference": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch" }, "product_reference": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch" }, "product_reference": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch" }, "product_reference": "eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch" }, "product_reference": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src" }, "product_reference": "eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch" }, "product_reference": "eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch" }, "product_reference": "eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-7.1" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-03T18:34:02+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el6.noarch", "7Server-JBEAP-7.1:eap7-jcl-over-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-0:1.7.22-3.redhat_2.1.ep7.el7.src", "7Server-JBEAP-7.1:eap7-slf4j-api-0:1.7.22-3.redhat_2.1.ep7.el7.noarch", "7Server-JBEAP-7.1:eap7-slf4j-ext-0:1.7.22-3.redhat_2.1.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1248
Vulnerability from csaf_redhat
Published
2018-04-25 18:21
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.2 on RHEL 6
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)
* wildfly-undertow: undertow: Path traversal in ServletResourceManager class (CVE-2018-1047)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
Red Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)\n\n* wildfly-undertow: undertow: Path traversal in ServletResourceManager class (CVE-2018-1047)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nRed Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1248", "url": "https://access.redhat.com/errata/RHSA-2018:1248" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/" }, { "category": "external", "summary": "1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "JBEAP-14135", "url": "https://issues.redhat.com/browse/JBEAP-14135" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1248.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.2 on RHEL 6", "tracking": { "current_release_date": "2024-11-25T12:10:00+00:00", "generator": { "date": "2024-11-25T12:10:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:1248", "initial_release_date": "2018-04-25T18:21:23+00:00", "revision_history": [ { "date": "2018-04-25T18:21:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-25T18:21:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-2.2-api@2.4.0-3.SP2_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.2_spec@2.2.13-5.SP2_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-5.SP5_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.5-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.9-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.0.6-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups@3.6.14-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@8.2.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-commons@8.2.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-core@8.2.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@8.2.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@8.2.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@8.2.10-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.9-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@2.4.7-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core-impl@2.4.7-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-probe-core@2.4.7-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@2.4.7-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "product_id": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.16-2.Final_redhat_1.2.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-api@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-api@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-impl@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-impl@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-config@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-idm-simple-schema@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-common@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.1.13-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.1.13-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.13-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.1.13-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.1.13-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-infinispan@5.1.13-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.0@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-wildfly8@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-native@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@1.5.5.010-1.redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.2-1.GA_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.2-1.GA_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product_id": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.2-1.GA_redhat_1.1.ep7.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.4-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketbox@5.0.3-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-weld-2.2-api@2.4.0-3.SP2_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.8-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.2_spec@2.2.13-5.SP2_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "product_id": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@1.4.18-5.SP5_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.5.5-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.1.9-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.0.6-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jgroups@3.6.14-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-ejb-client@4.0.10-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-infinispan@8.2.10-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-mod_cluster@1.3.9-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-weld-core@2.4.7-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src", "product": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src", "product_id": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-web-console-eap@2.9.16-2.Final_redhat_1.2.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "product_id": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-federation@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.1.13-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "product_id": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.0.4-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "product_id": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-picketlink-bindings@2.5.5-11.SP10_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "product": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "product_id": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@1.5.5.010-1.redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.1.2-1.GA_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "product": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "product_id": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.1.2-1.GA_redhat_1.1.ep7.el6?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src" }, "product_reference": "eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-7.1" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" }, "product_reference": "eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src", "relates_to_product_reference": "6Server-JBEAP-7.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1047", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528361" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was discovered in Undertow\u0027s org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Path traversal in ServletResourceManager class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1047" }, { "category": "external", "summary": "RHBZ#1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1047", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047" } ], "release_date": "2017-12-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:21:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Path traversal in ServletResourceManager class" }, { "acknowledgments": [ { "names": [ "Ammarit Thongthua", "Nattakit Intarasorn" ], "organization": "Deloitte Thailand Pentest team" } ], "cve": "CVE-2018-1067", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2018-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1550671" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1067" }, { "category": "external", "summary": "RHBZ#1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" } ], "release_date": "2018-04-25T17:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:21:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1248" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T18:21:23+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-0:1.5.5.010-1.redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-activemq-artemis-cli-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-commons-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-core-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-dto-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hornetq-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-hqclient-protocol-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jdbc-store-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-client-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-jms-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-journal-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-native-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-ra-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-selector-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-server-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-activemq-artemis-service-extensions-0:1.5.5.010-1.redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-0:5.1.13-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-hibernate-core-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-entitymanager-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-envers-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-infinispan-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-hibernate-java8-0:5.1.13-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-0:8.2.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-jdbc-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-cachestore-remote-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-client-hotrod-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-commons-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-infinispan-core-0:8.2.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-0:1.4.8-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-ironjacamar-common-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-common-spi-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-api-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-core-impl-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-deployers-common-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-jdbc-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-ironjacamar-validator-0:1.4.8-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-ejb-client-0:4.0.10-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-jsf-api_2.2_spec-0:2.2.13-5.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-marshalling-0:2.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-marshalling-river-0:2.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-0:1.0.4-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-server-migration-cli-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-core-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap6.4-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly10.1-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly8.2-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.0-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-server-migration-wildfly9.0-to-eap7.1-0:1.0.4-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-weld-2.2-api-0:2.4.0-3.SP2_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jboss-xnio-base-0:3.5.5-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-jgroups-0:3.6.14-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-mod_cluster-0:1.3.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketbox-0:5.0.3-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketbox-infinispan-0:5.0.3-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-bindings-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-common-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-config-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-federation-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-picketlink-idm-api-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-idm-simple-schema-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-impl-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-picketlink-wildfly8-0:2.5.5-11.SP10_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-undertow-0:1.4.18-5.SP5_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-weld-core-impl-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-core-jsf-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-weld-probe-core-0:2.4.7-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-0:1.1.9-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-elytron-tool-0:1.0.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-javadocs-0:7.1.2-1.GA_redhat_1.1.ep7.el6.src", "6Server-JBEAP-7.1:eap7-wildfly-modules-0:7.1.2-1.GA_redhat_1.1.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.noarch", "6Server-JBEAP-7.1:eap7-wildfly-web-console-eap-0:2.9.16-2.Final_redhat_1.2.ep7.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1525
Vulnerability from csaf_redhat
Published
2018-05-15 19:44
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: rhvm-appliance security and enhancement update
Notes
Topic
An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.
The following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1558801, BZ#1563545)
Security Fix(es):
* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)
* jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) (CVE-2018-5968)
* ovirt-engine: account enumeration through login to web console (CVE-2018-1073)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat).
Enhancement(s):
* Previously, the default memory allotment for the RHV-M Virtual Appliance was always large enough to include support for user additions.
In this release, the RHV-M Virtual Appliance includes a swap partition that enables the memory to be increased when required. (BZ#1422982)
* Previously, the partitioning scheme for the RHV-M Virtual Appliance included two primary partitions, "/" and swap.
In this release, the disk partitioning scheme has been modified to match the scheme specified by NIST. The updated disk partitions are as follows:
/boot 1G (primary)
/home 1G (lvm)
/tmp 2G (lvm)
/var 20G (lvm)
/var/log 10G (lvm)
/var/log/audit 1G (lvm)
swap 8G (lvm)
/ 6G (primary) (BZ#1463853)
* Previously, the version tag was used as part of the RPM's naming scheme, for example, "4.1.timestamp", which created differences between the upstream and downstream versioning schemes. In this release, the downstream versioning scheme is aligned with the upstream scheme and the timestamp has moved from the version tag to the release tag. (BZ#1464486)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rhvm-appliance is now available for Red Hat Virtualization 4 for RHEL-7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nThe following packages have been upgraded to a later upstream version: rhvm-appliance (4.2). (BZ#1558801, BZ#1563545)\n\nSecurity Fix(es):\n\n* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)\n\n* jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) (CVE-2018-5968)\n\n* ovirt-engine: account enumeration through login to web console (CVE-2018-1073)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat).\n\nEnhancement(s):\n\n* Previously, the default memory allotment for the RHV-M Virtual Appliance was always large enough to include support for user additions.\n\nIn this release, the RHV-M Virtual Appliance includes a swap partition that enables the memory to be increased when required. (BZ#1422982)\n\n* Previously, the partitioning scheme for the RHV-M Virtual Appliance included two primary partitions, \"/\" and swap.\n\nIn this release, the disk partitioning scheme has been modified to match the scheme specified by NIST. The updated disk partitions are as follows:\n\n/boot 1G (primary)\n/home 1G (lvm)\n/tmp 2G (lvm)\n/var 20G (lvm)\n/var/log 10G (lvm)\n/var/log/audit 1G (lvm)\nswap 8G (lvm)\n/ 6G (primary) (BZ#1463853)\n\n* Previously, the version tag was used as part of the RPM\u0027s naming scheme, for example, \"4.1.timestamp\", which created differences between the upstream and downstream versioning schemes. In this release, the downstream versioning scheme is aligned with the upstream scheme and the timestamp has moved from the version tag to the release tag. (BZ#1464486)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1525", "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1422982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422982" }, { "category": "external", "summary": "1463853", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463853" }, { "category": "external", "summary": "1464486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464486" }, { "category": "external", "summary": "1467946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1467946" }, { "category": "external", "summary": "1476755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1476755" }, { "category": "external", "summary": "1503055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055" }, { "category": "external", "summary": "1538332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538332" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1553525", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553525" }, { "category": "external", "summary": "1557130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557130" }, { "category": "external", "summary": "1561888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561888" }, { "category": "external", "summary": "1563737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563737" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1525.json" } ], "title": "Red Hat Security Advisory: rhvm-appliance security and enhancement update", "tracking": { "current_release_date": "2024-11-25T12:10:07+00:00", "generator": { "date": "2024-11-25T12:10:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:1525", "initial_release_date": "2018-05-15T19:44:58+00:00", "revision_history": [ { "date": "2018-05-15T19:44:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-15T19:44:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product": { "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } }, { "category": "product_name", "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product": { "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "rhvm-appliance-2:4.2-20180504.0.el7.src", "product": { "name": "rhvm-appliance-2:4.2-20180504.0.el7.src", "product_id": "rhvm-appliance-2:4.2-20180504.0.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20180504.0.el7?arch=src\u0026epoch=2" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rhvm-appliance-2:4.2-20180504.0.el7.noarch", "product": { "name": "rhvm-appliance-2:4.2-20180504.0.el7.noarch", "product_id": "rhvm-appliance-2:4.2-20180504.0.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-appliance@4.2-20180504.0.el7?arch=noarch\u0026epoch=2" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180504.0.el7.noarch as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch" }, "product_reference": "rhvm-appliance-2:4.2-20180504.0.el7.noarch", "relates_to_product_reference": "7Server-RHEV-4-Agents-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180504.0.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src" }, "product_reference": "rhvm-appliance-2:4.2-20180504.0.el7.src", "relates_to_product_reference": "7Server-RHEV-4-Agents-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180504.0.el7.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch" }, "product_reference": "rhvm-appliance-2:4.2-20180504.0.el7.noarch", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.2-20180504.0.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" }, "product_reference": "rhvm-appliance-2:4.2-20180504.0.el7.src", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Jan Stourac" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2017-12196", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-10-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503055" } ], "notes": [ { "category": "description", "text": "It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. This allows the attacker to execute a MITM attack and access the desired content on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Client can use bogus uri in Digest authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12196" }, { "category": "external", "summary": "RHBZ#1503055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12196", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196" } ], "release_date": "2018-03-12T15:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-15T19:44:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1525" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Client can use bogus uri in Digest authentication" }, { "cve": "CVE-2018-1073", "cwe": { "id": "CWE-209", "name": "Generation of Error Message Containing Sensitive Information" }, "discovery_date": "2018-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1553525" } ], "notes": [ { "category": "description", "text": "The ovirt-engine web console login form returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.", "title": "Vulnerability description" }, { "category": "summary", "text": "ovirt-engine: account enumeration through login to web console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1073" }, { "category": "external", "summary": "RHBZ#1553525", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553525" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1073", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1073" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1073", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1073" } ], "release_date": "2018-05-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-15T19:44:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1525" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ovirt-engine: account enumeration through login to web console" }, { "acknowledgments": [ { "names": [ "Felix Wilhelm" ], "organization": "Google Security Team" } ], "cve": "CVE-2018-1111", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2018-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1567974" } ], "notes": [ { "category": "description", "text": "A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.", "title": "Vulnerability description" }, { "category": "summary", "text": "dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has been made aware of a vulnerability affecting the DHCP client packages as shipped with Red Hat Enterprise Linux 6 and 7. This vulnerability CVE-2018-1111 was rated as having a security impact of Critical. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.\n\nRed Hat Enterprise Virtualization 4.1 includes the vulnerable components, but the default configuration is not impacted because NetworkManager is turned off in the Management Appliance, and not used in conjunction with DHCP in the Hypervisor. Customers can still obtain the updated packages from Red Hat Enterprise Linux channels using `yum update`, or upgrade to Red Hat Enterprise Virtualization 4.2, which includes the fixed packages.\n\nRed Hat Enterprise Virtualization 3.6 is not vulnerable as it does not use DHCP.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1111" }, { "category": "external", "summary": "RHBZ#1567974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567974" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1111", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1111" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1111", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1111" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/3442151", "url": "https://access.redhat.com/security/vulnerabilities/3442151" } ], "release_date": "2018-05-15T12:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-15T19:44:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "category": "workaround", "details": "Please access https://access.redhat.com/security/vulnerabilities/3442151 for information on how to mitigate this issue.", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script" }, { "cve": "CVE-2018-5968", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1538332" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advice about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nThis issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellitw 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nRed Hat Subscription Asset Manager version 1 is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5968" }, { "category": "external", "summary": "RHBZ#1538332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5968", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5968", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5968" } ], "release_date": "2018-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-15T19:44:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1525" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)" }, { "cve": "CVE-2018-7750", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1557130" } ], "notes": [ { "category": "description", "text": "It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-paramiko: Authentication bypass in transport.py", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.\n\nThe following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.\n\n* Red Hat Ceph Storage 2\n* Red Hat CloudForms 4\n* Red Hat Enterprise Linux 7\n* Red Hat Enterprise Virtualization\n* Red Hat Gluster Storage 3\n* Red Hat Openshift Container Platform\n* Red Hat Quick Cloud Installer\n* Red Hat Satellite 6\n* Red Hat Storage Console 2\n* Red Hat OpenStack Platform\n* Red Hat Update Infrastructure", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7750" }, { "category": "external", "summary": "RHBZ#1557130", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557130" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7750", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7750" } ], "release_date": "2018-03-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-15T19:44:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1525" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "python-paramiko: Authentication bypass in transport.py" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-15T19:44:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1525" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.2-20180504.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.noarch", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.2-20180504.0.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_0627
Vulnerability from csaf_redhat
Published
2018-04-03 18:37
Modified
2024-11-25 12:09
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4.
Security Fix(es):
* An XML deserialization vulnerability was discovered in slf4j's EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)
The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4.\n\nSecurity Fix(es):\n\n* An XML deserialization vulnerability was discovered in slf4j\u0027s EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)\n\nThe Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).\n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0627", "url": "https://access.redhat.com/errata/RHSA-2018:0627" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0627.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update", "tracking": { "current_release_date": "2024-11-25T12:09:49+00:00", "generator": { "date": "2024-11-25T12:09:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:0627", "initial_release_date": "2018-04-03T18:37:06+00:00", "revision_history": [ { "date": "2018-04-03T18:37:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-03T18:37:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:09:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src", "product": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src", "product_id": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-eap6@1.7.2-14.redhat_4.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src", "product": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src", "product_id": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-eap6@1.7.2-14.redhat_4.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src", "product": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src", "product_id": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-eap6@1.7.2-14.redhat_4.1.ep6.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch", "product": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch", "product_id": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-eap6@1.7.2-14.redhat_4.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "product": { "name": "slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "product_id": "slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.2-14.redhat_4.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "product": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "product_id": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-eap6@1.7.2-14.redhat_4.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch", "product": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch", "product_id": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-eap6@1.7.2-14.redhat_4.1.ep6.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch" }, "product_reference": "slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch" }, "product_reference": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src" }, "product_reference": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch" }, "product_reference": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src" }, "product_reference": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch" }, "product_reference": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src" }, "product_reference": "slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src", "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch", "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src", "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch", "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-03T18:37:06+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src", "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch", "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src", "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch", "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0627" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:slf4j-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.noarch", "5Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el5.src", "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.noarch", "6Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el6.src", "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.noarch", "7Server-JBEAP-6.4:slf4j-eap6-0:1.7.2-14.redhat_4.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1448
Vulnerability from csaf_redhat
Published
2018-05-14 20:36
Modified
2024-12-08 10:57
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)\n\n* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1448", "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "1559010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559010" }, { "category": "external", "summary": "1559013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559013" }, { "category": "external", "summary": "1559018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559018" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1448.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update", "tracking": { "current_release_date": "2024-12-08T10:57:22+00:00", "generator": { "date": "2024-12-08T10:57:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2018:1448", "initial_release_date": "2018-05-14T20:36:07+00:00", "revision_history": [ { "date": "2018-05-14T20:36:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-14T20:36:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T10:57:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el7?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el7?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-core-asl@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-jaxrs@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-xc@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-mapper-asl@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch" }, "product_reference": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch" }, "product_reference": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch" }, "product_reference": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch" }, "product_reference": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "relates_to_product_reference": "7Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src", "relates_to_product_reference": "7Server-JBEAP-6.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-4978", "discovery_date": "2016-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1379207" } ], "notes": [ { "category": "description", "text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", "title": "Vulnerability description" }, { "category": "summary", "text": "Artemis: Deserialization of untrusted input vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4978" }, { "category": "external", "summary": "RHBZ#1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4978" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978" } ], "release_date": "2016-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1448" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Artemis: Deserialization of untrusted input vulnerability" }, { "cve": "CVE-2017-3163", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1454783" } ], "notes": [ { "category": "description", "text": "When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.", "title": "Vulnerability description" }, { "category": "summary", "text": "solr: Directory traversal via Index Replication HTTP API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3163" }, { "category": "external", "summary": "RHBZ#1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3163", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163" } ], "release_date": "2017-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1448" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "solr: Directory traversal via Index Replication HTTP API" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-15095", "cwe": { "id": "CWE-184", "name": "Incomplete List of Disallowed Inputs" }, "discovery_date": "2017-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506612" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15095" }, { "category": "external", "summary": "RHBZ#1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15095", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)" }, { "acknowledgments": [ { "names": [ "0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4" ] } ], "cve": "CVE-2017-17485", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528565" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-17485" }, { "category": "external", "summary": "RHBZ#1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-17485", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1448" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1448" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-7489", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1549276" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates.\n\nSatellite 6.2 does not support c3p0 classes. Since the latter are required for this flaw, therefore Satellite 6.2 is not affected. Satellite 6.3 and 6.4 are not affected because Candlepin does not use polymorphic deserialization.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7489" }, { "category": "external", "summary": "RHBZ#1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2018-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "category": "workaround", "details": "Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:\n\nhttps://access.redhat.com/solutions/3279231\nhttps://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization\n\nGeneral Mitigation: \nTry to avoid \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1448" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "7Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "7Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "7Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_0592
Vulnerability from csaf_redhat
Published
2018-03-26 20:05
Modified
2024-11-25 12:09
Summary
Red Hat Security Advisory: slf4j security update
Notes
Topic
An update for slf4j is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).
Security Fix(es):
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for slf4j is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).\n\nSecurity Fix(es):\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0592", "url": "https://access.redhat.com/errata/RHSA-2018:0592" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0592.json" } ], "title": "Red Hat Security Advisory: slf4j security update", "tracking": { "current_release_date": "2024-11-25T12:09:38+00:00", "generator": { "date": "2024-11-25T12:09:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:0592", "initial_release_date": "2018-03-26T20:05:43+00:00", "revision_history": [ { "date": "2018-03-26T20:05:43+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-03-26T20:05:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:09:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.4.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "slf4j-0:1.7.4-4.el7_4.src", "product": { "name": "slf4j-0:1.7.4-4.el7_4.src", "product_id": "slf4j-0:1.7.4-4.el7_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.4-4.el7_4?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "slf4j-0:1.7.4-4.el7_4.noarch", "product": { "name": "slf4j-0:1.7.4-4.el7_4.noarch", "product_id": "slf4j-0:1.7.4-4.el7_4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.4-4.el7_4?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "product": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "product_id": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-javadoc@1.7.4-4.el7_4?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "product": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "product_id": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j-manual@1.7.4-4.el7_4?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Client-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7ComputeNode-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7ComputeNode-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7ComputeNode-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7ComputeNode-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-Alt-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7Server-Alt-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-Alt-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-Alt-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-optional-Alt-7.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7Server-optional-Alt-7.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.4.z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-optional-Alt-7.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.4.z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Server-optional-Alt-7.4.z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Workstation-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.4-4.el7_4.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src" }, "product_reference": "slf4j-0:1.7.4-4.el7_4.src", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Workstation-optional-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-manual-0:1.7.4-4.el7_4.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" }, "product_reference": "slf4j-manual-0:1.7.4-4.el7_4.noarch", "relates_to_product_reference": "7Workstation-optional-7.4.Z" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Client-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Client-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7ComputeNode-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7ComputeNode-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-Alt-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.src", "7Server-optional-Alt-7.4.z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Workstation-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Workstation-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-26T20:05:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Client-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Client-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7ComputeNode-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7ComputeNode-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-Alt-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.src", "7Server-optional-Alt-7.4.z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Workstation-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Workstation-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0592" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Client-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Client-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Client-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7ComputeNode-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7ComputeNode-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7ComputeNode-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7ComputeNode-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-Alt-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-Alt-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Server-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-0:1.7.4-4.el7_4.src", "7Server-optional-Alt-7.4.z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Server-optional-Alt-7.4.z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Workstation-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Workstation-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-0:1.7.4-4.el7_4.src", "7Workstation-optional-7.4.Z:slf4j-javadoc-0:1.7.4-4.el7_4.noarch", "7Workstation-optional-7.4.Z:slf4j-manual-0:1.7.4-4.el7_4.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1450
Vulnerability from csaf_redhat
Published
2018-05-14 20:36
Modified
2024-12-08 10:57
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)\n\n* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1450", "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "1559009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559009" }, { "category": "external", "summary": "1559012", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559012" }, { "category": "external", "summary": "1559017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559017" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1450.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update", "tracking": { "current_release_date": "2024-12-08T10:57:51+00:00", "generator": { "date": "2024-12-08T10:57:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2018:1450", "initial_release_date": "2018-05-14T20:36:21+00:00", "revision_history": [ { "date": "2018-05-14T20:36:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-14T20:36:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T10:57:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el5?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el5?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_id": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-jaxrs@1.9.9-12.redhat_6.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_id": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-xc@1.9.9-12.redhat_6.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_id": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-core-asl@1.9.9-12.redhat_6.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_id": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-mapper-asl@1.9.9-12.redhat_6.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch" }, "product_reference": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch" }, "product_reference": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch" }, "product_reference": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch" }, "product_reference": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-4978", "discovery_date": "2016-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1379207" } ], "notes": [ { "category": "description", "text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", "title": "Vulnerability description" }, { "category": "summary", "text": "Artemis: Deserialization of untrusted input vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4978" }, { "category": "external", "summary": "RHBZ#1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4978" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978" } ], "release_date": "2016-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Artemis: Deserialization of untrusted input vulnerability" }, { "cve": "CVE-2017-3163", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1454783" } ], "notes": [ { "category": "description", "text": "When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.", "title": "Vulnerability description" }, { "category": "summary", "text": "solr: Directory traversal via Index Replication HTTP API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3163" }, { "category": "external", "summary": "RHBZ#1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3163", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163" } ], "release_date": "2017-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "solr: Directory traversal via Index Replication HTTP API" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-7525", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1462702" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7525" }, { "category": "external", "summary": "RHBZ#1462702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" } ], "release_date": "2017-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-15095", "cwe": { "id": "CWE-184", "name": "Incomplete List of Disallowed Inputs" }, "discovery_date": "2017-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506612" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15095" }, { "category": "external", "summary": "RHBZ#1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15095", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)" }, { "acknowledgments": [ { "names": [ "0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4" ] } ], "cve": "CVE-2017-17485", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528565" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-17485" }, { "category": "external", "summary": "RHBZ#1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-17485", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-7489", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1549276" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates.\n\nSatellite 6.2 does not support c3p0 classes. Since the latter are required for this flaw, therefore Satellite 6.2 is not affected. Satellite 6.3 and 6.4 are not affected because Candlepin does not use polymorphic deserialization.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7489" }, { "category": "external", "summary": "RHBZ#1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2018-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "category": "workaround", "details": "Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:\n\nhttps://access.redhat.com/solutions/3279231\nhttps://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization\n\nGeneral Mitigation: \nTry to avoid \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:21+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1450" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.noarch", "5Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5.src", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_0629
Vulnerability from csaf_redhat
Published
2018-04-03 18:20
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly.
This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1.
Security Fix(es):
* An XML deserialization vulnerability was discovered in slf4j's EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)
The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly.\n\nThis asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1.\n\nSecurity Fix(es):\n\n* An XML deserialization vulnerability was discovered in slf4j\u0027s EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)\n\nThe Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).\n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0629", "url": "https://access.redhat.com/errata/RHSA-2018:0629" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0629.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update", "tracking": { "current_release_date": "2024-11-25T12:10:25+00:00", "generator": { "date": "2024-11-25T12:10:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:0629", "initial_release_date": "2018-04-03T18:20:31+00:00", "revision_history": [ { "date": "2018-04-03T18:20:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-03T18:20:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.1", "product": { "name": "Red Hat JBoss EAP 7.1", "product_id": "Red Hat JBoss EAP 7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-03T18:20:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0629" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1251
Vulnerability from csaf_redhat
Published
2018-04-25 19:43
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.2 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2, fixes several bugs, and adds various enhancements are now available for Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)
* wildfly-undertow: undertow: Path traversal in ServletResourceManager class (CVE-2018-1047)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
Red Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2, fixes several bugs, and adds various enhancements are now available for Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) (CVE-2018-1067)\n\n* wildfly-undertow: undertow: Path traversal in ServletResourceManager class (CVE-2018-1047)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nRed Hat would like to thank Ammarit Thongthua and Nattakit Intarasorn (Deloitte Thailand Pentest team) for reporting CVE-2018-1067, and Chris McCown for reporting CVE-2018-8088.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1251", "url": "https://access.redhat.com/errata/RHSA-2018:1251" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/" }, { "category": "external", "summary": "1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1251.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.2 security update", "tracking": { "current_release_date": "2024-11-25T12:10:31+00:00", "generator": { "date": "2024-11-25T12:10:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:1251", "initial_release_date": "2018-04-25T19:43:26+00:00", "revision_history": [ { "date": "2018-04-25T19:43:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-25T19:43:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.1", "product": { "name": "Red Hat JBoss EAP 7.1", "product_id": "Red Hat JBoss EAP 7.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1047", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528361" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was discovered in Undertow\u0027s org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Path traversal in ServletResourceManager class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1047" }, { "category": "external", "summary": "RHBZ#1528361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528361" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1047", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1047" } ], "release_date": "2017-12-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T19:43:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1251" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Path traversal in ServletResourceManager class" }, { "acknowledgments": [ { "names": [ "Ammarit Thongthua", "Nattakit Intarasorn" ], "organization": "Deloitte Thailand Pentest team" } ], "cve": "CVE-2018-1067", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2018-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1550671" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1067" }, { "category": "external", "summary": "RHBZ#1550671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1067", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" } ], "release_date": "2018-04-25T17:51:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T19:43:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1251" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss EAP 7.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-25T19:43:26+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss EAP 7.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1251" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss EAP 7.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2019_2413
Vulnerability from csaf_redhat
Published
2019-08-08 10:08
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update
Notes
Topic
A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)
* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)
* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)
* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)
* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)\n\n* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)\n\n* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)\n\n* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)\n\n* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:2413", "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.4.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.fuse\u0026version=7.4.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1578582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578582" }, { "category": "external", "summary": "1601037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601037" }, { "category": "external", "summary": "1643048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643048" }, { "category": "external", "summary": "1660263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660263" }, { "category": "external", "summary": "1667204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667204" }, { "category": "external", "summary": "1692345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692345" }, { "category": "external", "summary": "1713215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713215" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2413.json" } ], "title": "Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update", "tracking": { "current_release_date": "2024-11-25T12:10:27+00:00", "generator": { "date": "2024-11-25T12:10:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:2413", "initial_release_date": "2019-08-08T10:08:27+00:00", "revision_history": [ { "date": "2019-08-08T10:08:27+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-08-08T10:08:27+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Fuse 7.4.0", "product": { "name": "Red Hat Fuse 7.4.0", "product_id": "Red Hat Fuse 7.4.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-10750", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-05-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1713215" } ], "notes": [ { "category": "description", "text": "A flaw was found in the cluster join procedure in Hazelcast. This flaw allows an attacker to gain remote code execution via Java deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "hazelcast: java deserialization in join cluster procedure leading to remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "The module vertx-hazelcast is not supported in Red Hat OpenShift Application Runtimes (RHOAR) products.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-10750" }, { "category": "external", "summary": "RHBZ#1713215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713215" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-10750", "url": "https://www.cve.org/CVERecord?id=CVE-2016-10750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-10750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10750" } ], "release_date": "2016-04-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "hazelcast: java deserialization in join cluster procedure leading to remote code execution" }, { "cve": "CVE-2018-1258", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-05-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1578582" } ], "notes": [ { "category": "description", "text": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security-core: Unauthorized Access with Spring Security Method Security", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1258" }, { "category": "external", "summary": "RHBZ#1578582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578582" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1258", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1258" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1258", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1258" } ], "release_date": "2018-05-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "spring-security-core: Unauthorized Access with Spring Security Method Security" }, { "cve": "CVE-2018-1320", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2019-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1667204" } ], "notes": [ { "category": "description", "text": "Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenDaylight:\nOpenDaylight includes libthrift, however does not use the vulnerable functionality. OpenDaylight should be considered not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1320" }, { "category": "external", "summary": "RHBZ#1667204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667204" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1320", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1320" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1320", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1320" } ], "release_date": "2018-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" }, { "acknowledgments": [ { "names": [ "Martin Bajanik" ] } ], "cve": "CVE-2018-10899", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-07-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1601037" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "jolokia: system-wide CSRF that could lead to Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat OpenStack Platform, jolokia is not enabled by default and, when enabled, the jolokia endpoints do not rely on CORS for security. Therefore, the impact has been reduced to Low and no updates will be provided at this time for the RHOSP jolokia package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-10899" }, { "category": "external", "summary": "RHBZ#1601037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601037" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10899", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10899" }, { "category": "external", "summary": "https://jolokia.org/#Minor_updates_coming_with_1.6.1", "url": "https://jolokia.org/#Minor_updates_coming_with_1.6.1" } ], "release_date": "2019-06-11T10:41:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jolokia: system-wide CSRF that could lead to Remote Code Execution" }, { "cve": "CVE-2018-15758", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2018-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1643048" } ], "notes": [ { "category": "description", "text": "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security-oauth: Privilege escalation by manipulating saved authorization request", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-15758" }, { "category": "external", "summary": "RHBZ#1643048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643048" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-15758", "url": "https://www.cve.org/CVERecord?id=CVE-2018-15758" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15758" }, { "category": "external", "summary": "https://pivotal.io/security/cve-2018-15758", "url": "https://pivotal.io/security/cve-2018-15758" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "spring-security-oauth: Privilege escalation by manipulating saved authorization request" }, { "cve": "CVE-2019-0192", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-03-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1692345" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Solr\u0027s Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "solr: remote code execution due to unsafe deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0192" }, { "category": "external", "summary": "RHBZ#1692345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692345" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0192", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0192" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0192", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0192" } ], "release_date": "2019-03-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { "category": "workaround", "details": "* Upgrade to 6.6.6 or later\n* Disable the ConifgAPI if not in use (`disable.configEdit=true`)\n* Use other external means to ensure only trusted traffic is allowed (block POST requests to the config API from external sources)", "product_ids": [ "Red Hat Fuse 7.4.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "solr: remote code execution due to unsafe deserialization" }, { "acknowledgments": [ { "names": [ "Daniel Le Gall" ], "organization": "SCRT Information Security" } ], "cve": "CVE-2019-3805", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "discovery_date": "2018-11-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1660263" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Fuse 7.4.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-3805" }, { "category": "external", "summary": "RHBZ#1660263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-3805", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3805" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-3805", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3805" } ], "release_date": "2019-04-30T17:12:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-08T10:08:27+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", "product_ids": [ "Red Hat Fuse 7.4.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2413" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat Fuse 7.4.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users" } ] }
rhsa-2020_2561
Vulnerability from csaf_redhat
Published
2020-06-15 16:08
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 12 security update
Notes
Topic
This is a security update for JBoss EAP Continuous Delivery 12.0.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform CD12 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD12 includes bug fixes and enhancements.
Security Fix(es):
* artemis: artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)
* lucene: Solr: Code execution via entity expansion (CVE-2017-12629)
* infinispan-core: infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* elytron: client can use bogus uri in digest authentication (CVE-2017-12196)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "This is a security update for JBoss EAP Continuous Delivery 12.0.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform CD12 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform CD12 includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* artemis: artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)\n* lucene: Solr: Code execution via entity expansion (CVE-2017-12629)\n* infinispan-core: infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n* elytron: client can use bogus uri in digest authentication (CVE-2017-12196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:2561", "url": "https://access.redhat.com/errata/RHSA-2020:2561" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "1498378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498378" }, { "category": "external", "summary": "1501529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529" }, { "category": "external", "summary": "1503055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055" }, { "category": "external", "summary": "1503610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503610" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2561.json" } ], "title": "Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 12 security update", "tracking": { "current_release_date": "2024-11-25T12:10:39+00:00", "generator": { "date": "2024-11-25T12:10:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2020:2561", "initial_release_date": "2020-06-15T16:08:52+00:00", "revision_history": [ { "date": "2020-06-15T16:08:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-06-15T16:08:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "product": { "name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "product_id": "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd:12" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Masafumi Miura" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2017-12174", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1498378" } ], "notes": [ { "category": "description", "text": "It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis/hornetq: memory exhaustion via UDP and JGroups discovery", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12174" }, { "category": "external", "summary": "RHBZ#1498378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498378" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12174", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12174" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12174" } ], "release_date": "2018-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:08:52+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2561" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "artemis/hornetq: memory exhaustion via UDP and JGroups discovery" }, { "acknowledgments": [ { "names": [ "Jan Stourac" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2017-12196", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2017-10-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503055" } ], "notes": [ { "category": "description", "text": "It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. This allows the attacker to execute a MITM attack and access the desired content on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Client can use bogus uri in Digest authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12196" }, { "category": "external", "summary": "RHBZ#1503055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12196", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196" } ], "release_date": "2018-03-12T15:56:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:08:52+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2561" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Client can use bogus uri in Digest authentication" }, { "cve": "CVE-2017-12629", "cwe": { "id": "CWE-138", "name": "Improper Neutralization of Special Elements" }, "discovery_date": "2017-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1501529" } ], "notes": [ { "category": "description", "text": "It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API.", "title": "Vulnerability description" }, { "category": "summary", "text": "Solr: Code execution via entity expansion", "title": "Vulnerability summary" }, { "category": "other", "text": "The following products are not affected by this flaw, as they do not use the vulnerable functionality of either aspect of the issue.\nRed Hat JBoss Enterprise Application Platform 6\nRed Hat JBoss BPM Suite\nRed Hat JBoss BRMS\nRed Hat Enterprise Virtualization Manager\nRed Hat Single Sign-On 7\nRed Hat JBoss Portal Platform 6\n\nRed Hat JBoss Enterprise Application Platform 7 is not affected by this flaw. However, it does ship the vulnerable Lucene class in a dependency to another component. Customers who reuse the lucene-queryparser jar in their applications may be vulnerable to the External Entity Expansion aspect of this flaw. This will be patched in a forthcoming release.\n\nRed Hat JBoss Fuse is not affected by this flaw, as it does not use the vulnerable functionality of either aspect of this flaw. Fuse customers who may be running external Solr servers, while not affected from the Fuse side, are advised to secure their Solr servers as recommended in the mitigation provided.\n\nThe following products ship only the Lucene components relevant to this flaw, and are not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw has been determined to be Moderate for these respective products:\nRed Hat JBoss Data Grid 7 \nRed Hat Enterprise Linux 6\nRed Hat Software Collections 2.4\n\nThis issue did not affect the versions of lucene as shipped with Red Hat Enterprise Linux 5.\n\nThis issue does not affect Elasticsearch as shipped in OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12629" }, { "category": "external", "summary": "RHBZ#1501529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12629", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629", "url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629" } ], "release_date": "2017-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:08:52+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2561" }, { "category": "workaround", "details": "Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.\n\nThis is sufficient to protect from this type of attack, but means you cannot use the edit capabilities of the Config API until further fixes are in place.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Solr: Code execution via entity expansion" }, { "acknowledgments": [ { "names": [ "Man Yue Mo" ], "organization": "Semmle/lgtm.com" } ], "cve": "CVE-2017-15089", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-10-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1503610" } ], "notes": [ { "category": "description", "text": "It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "infinispan: Unsafe deserialization of malicious object injected into data cache", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15089" }, { "category": "external", "summary": "RHBZ#1503610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503610" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15089", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15089" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15089", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15089" } ], "release_date": "2018-02-12T15:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:08:52+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2561" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "infinispan: Unsafe deserialization of malicious object injected into data cache" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-06-15T16:08:52+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nThe References section of this erratum contains a download link (you must log in to download the update)", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:2561" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform Continuous Delivery" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1575
Vulnerability from csaf_redhat
Published
2018-05-16 15:44
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss Data Grid 7.2 security update
Notes
Topic
An update is now available for Red Hat JBoss Data Grid.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.
This release of Red Hat JBoss Data Grid 7.2.0 serves as a replacement for Red Hat JBoss Data Grid 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Data Grid.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.\n\nThis release of Red Hat JBoss Data Grid 7.2.0 serves as a replacement for Red Hat JBoss Data Grid 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1575", "url": "https://access.redhat.com/errata/RHSA-2018:1575" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions\u0026version=7.2.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions\u0026version=7.2.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/", "url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1575.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Data Grid 7.2 security update", "tracking": { "current_release_date": "2024-11-25T12:10:48+00:00", "generator": { "date": "2024-11-25T12:10:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:1575", "initial_release_date": "2018-05-16T15:44:54+00:00", "revision_history": [ { "date": "2018-05-16T15:44:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-16T15:44:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid", "product": { "name": "Red Hat Data Grid", "product_id": "Red Hat Data Grid", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:7.2" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-16T15:44:54+00:00", "details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).", "product_ids": [ "Red Hat Data Grid" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1575" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Data Grid" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1449
Vulnerability from csaf_redhat
Published
2018-05-14 20:36
Modified
2024-12-08 10:57
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)\n\n* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1449", "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "1559008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559008" }, { "category": "external", "summary": "1559011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559011" }, { "category": "external", "summary": "1559016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559016" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1449.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update", "tracking": { "current_release_date": "2024-12-08T10:57:58+00:00", "generator": { "date": "2024-12-08T10:57:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2018:1449", "initial_release_date": "2018-05-14T20:36:31+00:00", "revision_history": [ { "date": "2018-05-14T20:36:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-14T20:36:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T10:57:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el6?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el6?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-core-asl@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-mapper-asl@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-jaxrs@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-xc@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-4978", "discovery_date": "2016-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1379207" } ], "notes": [ { "category": "description", "text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", "title": "Vulnerability description" }, { "category": "summary", "text": "Artemis: Deserialization of untrusted input vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4978" }, { "category": "external", "summary": "RHBZ#1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4978" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978" } ], "release_date": "2016-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Artemis: Deserialization of untrusted input vulnerability" }, { "cve": "CVE-2017-3163", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1454783" } ], "notes": [ { "category": "description", "text": "When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.", "title": "Vulnerability description" }, { "category": "summary", "text": "solr: Directory traversal via Index Replication HTTP API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3163" }, { "category": "external", "summary": "RHBZ#1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3163", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163" } ], "release_date": "2017-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "solr: Directory traversal via Index Replication HTTP API" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-7525", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1462702" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7525" }, { "category": "external", "summary": "RHBZ#1462702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" } ], "release_date": "2017-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-15095", "cwe": { "id": "CWE-184", "name": "Incomplete List of Disallowed Inputs" }, "discovery_date": "2017-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506612" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15095" }, { "category": "external", "summary": "RHBZ#1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15095", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)" }, { "acknowledgments": [ { "names": [ "0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4" ] } ], "cve": "CVE-2017-17485", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528565" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-17485" }, { "category": "external", "summary": "RHBZ#1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-17485", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-7489", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1549276" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates.\n\nSatellite 6.2 does not support c3p0 classes. Since the latter are required for this flaw, therefore Satellite 6.2 is not affected. Satellite 6.3 and 6.4 are not affected because Candlepin does not use polymorphic deserialization.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7489" }, { "category": "external", "summary": "RHBZ#1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2018-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "workaround", "details": "Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:\n\nhttps://access.redhat.com/solutions/3279231\nhttps://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization\n\nGeneral Mitigation: \nTry to avoid \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_2669
Vulnerability from csaf_redhat
Published
2018-09-11 07:53
Modified
2024-12-02 01:14
Summary
Red Hat Security Advisory: Fuse 7.1 security update
Notes
Topic
An update is now available for Red Hat Fuse.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)
* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jolokia: JMX proxy mode vulnerable to remote code execution (CVE-2018-1000130)
* bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)
* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)
* bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)
* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)
* bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)
* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)
* bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)
* bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)
* async-http-client: Invalid URL parsing with '?' (CVE-2017-14063)
* undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
* spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
* tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service (CVE-2018-1338)
* tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service (CVE-2018-1339)
* pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF (CVE-2018-8036)
* jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)
* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
* bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)
* bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)
* spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Fuse.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.\n\nThis release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)\n\n* thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jolokia: JMX proxy mode vulnerable to remote code execution (CVE-2018-1000130)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)\n\n* async-http-client: Invalid URL parsing with \u0027?\u0027 (CVE-2017-14063)\n\n* undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)\n\n* spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)\n\n* tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service (CVE-2018-1338)\n\n* tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service (CVE-2018-1339)\n\n* pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF (CVE-2018-8036)\n\n* jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)\n\n* bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)\n\n* bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2669", "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=7.1.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=7.1.0" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/", "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/" }, { "category": "external", "summary": "https://access.redhat.com/articles/2939351", "url": "https://access.redhat.com/articles/2939351" }, { "category": "external", "summary": "1091938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938" }, { "category": "external", "summary": "1487563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487563" }, { "category": "external", "summary": "1544620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544620" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1559316", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559316" }, { "category": "external", "summary": "1559317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559317" }, { "category": "external", "summary": "1564408", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564408" }, { "category": "external", "summary": "1571050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571050" }, { "category": "external", "summary": "1572421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572421" }, { "category": "external", "summary": "1572424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572424" }, { "category": "external", "summary": "1573045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045" }, { "category": "external", "summary": "1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "1588313", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588313" }, { "category": "external", "summary": "1588314", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588314" }, { "category": "external", "summary": "1588323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588323" }, { "category": "external", "summary": "1588327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588327" }, { "category": "external", "summary": "1588330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588330" }, { "category": "external", "summary": "1588688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588688" }, { "category": "external", "summary": "1588695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588695" }, { "category": "external", "summary": "1588708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588708" }, { "category": "external", "summary": "1588715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588715" }, { "category": "external", "summary": "1588721", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588721" }, { "category": "external", "summary": "1597490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597490" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2669.json" } ], "title": "Red Hat Security Advisory: Fuse 7.1 security update", "tracking": { "current_release_date": "2024-12-02T01:14:27+00:00", "generator": { "date": "2024-12-02T01:14:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2669", "initial_release_date": "2018-09-11T07:53:47+00:00", "revision_history": [ { "date": "2018-09-11T07:53:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-09-11T07:53:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-02T01:14:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Fuse 7", "product": { "name": "Red Hat JBoss Fuse 7", "product_id": "Red Hat JBoss Fuse 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:7" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-0114", "cwe": { "id": "CWE-470", "name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)" }, "discovery_date": "2014-04-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1091938" } ], "notes": [ { "category": "description", "text": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.", "title": "Vulnerability description" }, { "category": "summary", "text": "1: Class Loader manipulation via request parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. The impact of this depends on which ClassLoader properties are exposed. Exploits that lead to remote code execution have been published. These exploits rely on ClassLoader properties that are exposed on Tomcat 8, which is not included in any supported Red Hat products. However, some Red Hat products that ship Struts 1 do expose ClassLoader properties that could potentially be exploited. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0114" }, { "category": "external", "summary": "RHBZ#1091938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0114", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0114" } ], "release_date": "2014-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "category": "workaround", "details": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.VCaGk3V53Ua", "product_ids": [ "Red Hat JBoss Fuse 7" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "1: Class Loader manipulation via request parameters" }, { "cve": "CVE-2016-5397", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2018-02-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1544620" } ], "notes": [ { "category": "description", "text": "The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands", "title": "Vulnerability summary" }, { "category": "other", "text": "libthrift is a library used by OpenDaylight which is shipped with Red Hat OpenStack. Whilst the version of the library used contains the vulnerable code it is not used by OpenDaylight and hence not exposed.\n\nJBoss fuse 6.3 ships libthrift via insight-activemq fabric-8 profile, however the vulnerable code is not used by fabric-8 so fuse 6.3 is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-5397" }, { "category": "external", "summary": "RHBZ#1544620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5397", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5397" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5397", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5397" } ], "release_date": "2016-07-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands" }, { "cve": "CVE-2016-1000338", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588313" } ], "notes": [ { "category": "description", "text": "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000338" }, { "category": "external", "summary": "RHBZ#1588313", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588313" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000338", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000338" } ], "release_date": "2016-10-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data" }, { "cve": "CVE-2016-1000339", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588695" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: Information leak in AESFastEngine class", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000339" }, { "category": "external", "summary": "RHBZ#1588695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000339", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000339" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: Information leak in AESFastEngine class" }, { "cve": "CVE-2016-1000340", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588688" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: Carry propagation bug in math.raw.Nat??? class", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Low. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000340" }, { "category": "external", "summary": "RHBZ#1588688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000340", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000340" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000340", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000340" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "bouncycastle: Carry propagation bug in math.raw.Nat??? class" }, { "cve": "CVE-2016-1000341", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588708" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature\u0027s k value and ultimately the private value as well.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: Information exposure in DSA signature generation via timing attack", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000341" }, { "category": "external", "summary": "RHBZ#1588708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588708" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000341", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000341" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: Information exposure in DSA signature generation via timing attack" }, { "cve": "CVE-2016-1000342", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588715" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: ECDSA improper validation of ASN.1 encoding of signature", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000342" }, { "category": "external", "summary": "RHBZ#1588715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588715" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000342", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000342", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000342" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: ECDSA improper validation of ASN.1 encoding of signature" }, { "cve": "CVE-2016-1000343", "cwe": { "id": "CWE-338", "name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588721" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: DSA key pair generator generates a weak private key by default", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Low. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000343" }, { "category": "external", "summary": "RHBZ#1588721", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588721" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000343", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000343", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000343" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "bouncycastle: DSA key pair generator generates a weak private key by default" }, { "cve": "CVE-2016-1000344", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588314" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: DHIES implementation allowed the use of ECB mode", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000344" }, { "category": "external", "summary": "RHBZ#1588314", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588314" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000344", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000344", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000344" } ], "release_date": "2016-04-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: DHIES implementation allowed the use of ECB mode" }, { "cve": "CVE-2016-1000345", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588323" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000345" }, { "category": "external", "summary": "RHBZ#1588323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000345", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000345", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000345" } ], "release_date": "2016-04-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack" }, { "cve": "CVE-2016-1000346", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588327" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party\u0027s private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: Other party DH public keys are not fully validated", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000346" }, { "category": "external", "summary": "RHBZ#1588327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588327" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000346", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000346", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000346" } ], "release_date": "2016-10-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: Other party DH public keys are not fully validated" }, { "cve": "CVE-2016-1000352", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588330" } ], "notes": [ { "category": "description", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: ECIES implementation allowed the use of ECB mode", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-1000352" }, { "category": "external", "summary": "RHBZ#1588330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-1000352", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000352", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000352" } ], "release_date": "2016-04-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: ECIES implementation allowed the use of ECB mode" }, { "cve": "CVE-2017-14063", "discovery_date": "2017-08-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1487563" } ], "notes": [ { "category": "description", "text": "Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a \u0027?\u0027 character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.", "title": "Vulnerability description" }, { "category": "summary", "text": "async-http-client: Invalid URL parsing with \u0027?\u0027", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-14063" }, { "category": "external", "summary": "RHBZ#1487563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487563" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-14063", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14063" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-14063", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14063" } ], "release_date": "2017-08-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "async-http-client: Invalid URL parsing with \u0027?\u0027" }, { "cve": "CVE-2018-1114", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-04-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1573045" } ], "notes": [ { "category": "description", "text": "It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1114" }, { "category": "external", "summary": "RHBZ#1573045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1114", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114" }, { "category": "external", "summary": "https://bugs.openjdk.java.net/browse/JDK-6956385", "url": "https://bugs.openjdk.java.net/browse/JDK-6956385" }, { "category": "external", "summary": "https://issues.jboss.org/browse/UNDERTOW-1338", "url": "https://issues.jboss.org/browse/UNDERTOW-1338" } ], "release_date": "2018-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service" }, { "cve": "CVE-2018-1271", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2018-04-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1571050" } ], "notes": [ { "category": "description", "text": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-framework: Directory traversal vulnerability with static resources on Windows filesystems", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1271" }, { "category": "external", "summary": "RHBZ#1571050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571050" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1271", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1271" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1271", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1271" }, { "category": "external", "summary": "https://pivotal.io/security/cve-2018-1271", "url": "https://pivotal.io/security/cve-2018-1271" } ], "release_date": "2018-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "spring-framework: Directory traversal vulnerability with static resources on Windows filesystems" }, { "cve": "CVE-2018-1272", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2018-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1564408" } ], "notes": [ { "category": "description", "text": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-framework: Multipart content pollution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1272" }, { "category": "external", "summary": "RHBZ#1564408", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564408" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1272", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1272" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1272", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1272" }, { "category": "external", "summary": "https://pivotal.io/security/cve-2018-1272", "url": "https://pivotal.io/security/cve-2018-1272" } ], "release_date": "2018-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "spring-framework: Multipart content pollution" }, { "cve": "CVE-2018-1338", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2018-04-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1572421" } ], "notes": [ { "category": "description", "text": "An infinite loop vulnerability was discovered in Apache Tika prior to version 1.18. A remote attacker could exploit this to cause a denial of service via crafted file.", "title": "Vulnerability description" }, { "category": "summary", "text": "tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1338" }, { "category": "external", "summary": "RHBZ#1572421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572421" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1338", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1338" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E", "url": "https://lists.apache.org/thread.html/4d20c5748fb9f836653bc78a1bad991ba8485d82a1e821f70b641932@%3Cdev.tika.apache.org%3E" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service" }, { "cve": "CVE-2018-1339", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2018-04-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1572424" } ], "notes": [ { "category": "description", "text": "A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika\u0027s ChmParser in versions of Apache Tika before 1.18.", "title": "Vulnerability description" }, { "category": "summary", "text": "tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of tika which is embedded in the nutch package as shipped with Red Hat Satellite 5. The tika server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1339" }, { "category": "external", "summary": "RHBZ#1572424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572424" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1339", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1339" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E", "url": "https://lists.apache.org/thread.html/4d2cb5c819401bb075e2a1130e0d14f0404a136541a6f91da0225828@%3Cdev.tika.apache.org%3E" } ], "release_date": "2018-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service" }, { "cve": "CVE-2018-8036", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-07-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1597490" } ], "notes": [ { "category": "description", "text": "In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox\u0027s AFMParser.", "title": "Vulnerability description" }, { "category": "summary", "text": "pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF", "title": "Vulnerability summary" }, { "category": "other", "text": "While Fuse 6.3 and Fuse 7.0 ship vulnerable artifact via camel-pdfbox, however, the flawed code is not being used therefore no execution path leads to an exposure to this vulnerability, so both Fuse 6.3, 7 standalone are not affected. However, Fuse 7.0 on OpenShift ship vulnerable artifact via maven BOM, so setting Fuse 7.0 as affected for this reason only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8036" }, { "category": "external", "summary": "RHBZ#1597490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597490" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8036", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8036" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8036", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8036" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2018/06/29/1", "url": "http://www.openwall.com/lists/oss-security/2018/06/29/1" } ], "release_date": "2018-07-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" }, { "cve": "CVE-2018-1000129", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1559317" } ], "notes": [ { "category": "description", "text": "An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim\u0027s browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jolokia: Cross site scripting in the HTTP servlet", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Product Security has rated this issue as having security impact of Low for:\n* Red Hat OpenStack Platform 9.0 (Mitaka)\n* Red Hat OpenStack Platform 10.0 (Newton) \n* Red Hat OpenStack Platform 11.0 (Ocata)\n* Red Hat OpenStack Platform 12.0 (Pike)\n\nAlthough the affected code is present in shipped packages, data returned by Jolokia is correctly processed and invalid data is not used. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000129" }, { "category": "external", "summary": "RHBZ#1559317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559317" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000129", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000129" }, { "category": "external", "summary": "https://jolokia.org/#Security_fixes_with_1.5.0", "url": "https://jolokia.org/#Security_fixes_with_1.5.0" } ], "release_date": "2018-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jolokia: Cross site scripting in the HTTP servlet" }, { "cve": "CVE-2018-1000130", "cwe": { "id": "CWE-99", "name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)" }, "discovery_date": "2018-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1559316" } ], "notes": [ { "category": "description", "text": "A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "jolokia: JMX proxy mode vulnerable to remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat OpenStack Platform, although the affected code is present in shipped packages, proxy mode is not enabled by default and the affected code is not used in any supported configuration of Red Hat OpenStack Platform. For this reason, the RHOSP impact as been reduced to Low and this issue is not currently planned to be addressed in future updates.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000130" }, { "category": "external", "summary": "RHBZ#1559316", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559316" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000130", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000130" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000130", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000130" }, { "category": "external", "summary": "https://jolokia.org/#Security_fixes_with_1.5.0", "url": "https://jolokia.org/#Security_fixes_with_1.5.0" } ], "release_date": "2018-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jolokia: JMX proxy mode vulnerable to remote code execution" }, { "cve": "CVE-2018-1000180", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1588306" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated (according to FIPS 186-4 C.3). Under some circumstances, this could lead to the generation of weak RSA key pairs.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: flaw in the low-level interface to RSA key pair generator", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nRed Hat Satellite 6.5 isn\u0027t vulnerable to this issue, since it doesn\u0027t ship bouncycastle jar file anymore.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "RHBZ#1588306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000180" } ], "release_date": "2018-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-09-11T07:53:47+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2669" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Fuse 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: flaw in the low-level interface to RSA key pair generator" } ] }
rhsa-2018_1447
Vulnerability from csaf_redhat
Published
2018-05-14 20:15
Modified
2024-12-08 10:57
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.4.20, fixes several bugs, and adds various enhancements are now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.20, fixes several bugs, and adds various enhancements are now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)\n\n* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1447", "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1447.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update", "tracking": { "current_release_date": "2024-12-08T10:57:34+00:00", "generator": { "date": "2024-12-08T10:57:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2018:1447", "initial_release_date": "2018-05-14T20:15:33+00:00", "revision_history": [ { "date": "2018-05-14T20:15:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-14T20:15:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T10:57:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4", "product_id": "Red Hat JBoss Enterprise Application Platform 6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-4978", "discovery_date": "2016-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1379207" } ], "notes": [ { "category": "description", "text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", "title": "Vulnerability description" }, { "category": "summary", "text": "Artemis: Deserialization of untrusted input vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4978" }, { "category": "external", "summary": "RHBZ#1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4978" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978" } ], "release_date": "2016-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:15:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1447" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Artemis: Deserialization of untrusted input vulnerability" }, { "cve": "CVE-2017-3163", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1454783" } ], "notes": [ { "category": "description", "text": "When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.", "title": "Vulnerability description" }, { "category": "summary", "text": "solr: Directory traversal via Index Replication HTTP API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3163" }, { "category": "external", "summary": "RHBZ#1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3163", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163" } ], "release_date": "2017-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:15:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1447" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "solr: Directory traversal via Index Replication HTTP API" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-15095", "cwe": { "id": "CWE-184", "name": "Incomplete List of Disallowed Inputs" }, "discovery_date": "2017-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506612" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15095" }, { "category": "external", "summary": "RHBZ#1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15095", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:15:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)" }, { "acknowledgments": [ { "names": [ "0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4" ] } ], "cve": "CVE-2017-17485", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528565" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-17485" }, { "category": "external", "summary": "RHBZ#1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-17485", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:15:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1447" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:15:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1447" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-7489", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1549276" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates.\n\nSatellite 6.2 does not support c3p0 classes. Since the latter are required for this flaw, therefore Satellite 6.2 is not affected. Satellite 6.3 and 6.4 are not affected because Candlepin does not use polymorphic deserialization.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7489" }, { "category": "external", "summary": "RHBZ#1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2018-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:15:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "category": "workaround", "details": "Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:\n\nhttps://access.redhat.com/solutions/3279231\nhttps://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization\n\nGeneral Mitigation: \nTry to avoid \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:15:33+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1447" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_0630
Vulnerability from csaf_redhat
Published
2018-04-03 18:21
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.4 and fix three security issues, several bugs, and add various
enhancements are now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4.
Security Fix(es):
* An XML deserialization vulnerability was discovered in slf4j's EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)
The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4 and fix three security issues, several bugs, and add various\nenhancements are now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4.\n\nSecurity Fix(es):\n\n* An XML deserialization vulnerability was discovered in slf4j\u0027s EventData which accepts xml serialized string and can lead to arbitrary code execution. (CVE-2018-8088)\n\nThe Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).\n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0630", "url": "https://access.redhat.com/errata/RHSA-2018:0630" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0630.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update", "tracking": { "current_release_date": "2024-11-25T12:10:20+00:00", "generator": { "date": "2024-11-25T12:10:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:0630", "initial_release_date": "2018-04-03T18:21:14+00:00", "revision_history": [ { "date": "2018-04-03T18:21:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-04-03T18:21:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4", "product_id": "Red Hat JBoss Enterprise Application Platform 6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-04-03T18:21:14+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).\n\nThe JBoss server process must be restarted for the update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0630" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_1451
Vulnerability from csaf_redhat
Published
2018-05-14 20:51
Modified
2024-12-08 10:58
Summary
Red Hat Security Advisory: eap6-jboss-ec2-eap security update
Notes
Topic
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise
Application Platform 6.4 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise
Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).
With this update, the jboss-ec2-eap package has been updated to ensure
compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise\nApplication Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise\nApplication Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).\n\nWith this update, the jboss-ec2-eap package has been updated to ensure\ncompatibility with Red Hat JBoss Enterprise Application Platform 6.4.19.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)\n\n* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1451", "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1451.json" } ], "title": "Red Hat Security Advisory: eap6-jboss-ec2-eap security update", "tracking": { "current_release_date": "2024-12-08T10:58:05+00:00", "generator": { "date": "2024-12-08T10:58:05+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2018:1451", "initial_release_date": "2018-05-14T20:51:07+00:00", "revision_history": [ { "date": "2018-05-14T20:51:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-14T20:51:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T10:58:05+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "product": { "name": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "product_id": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.20-1.Final_redhat_1.ep6.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "product": { "name": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "product_id": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.20-1.Final_redhat_1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "product": { "name": "jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "product_id": "jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-ec2-eap-samples@7.5.20-1.Final_redhat_1.ep6.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" }, "product_reference": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src" }, "product_reference": "jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" }, "product_reference": "jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-4978", "discovery_date": "2016-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1379207" } ], "notes": [ { "category": "description", "text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", "title": "Vulnerability description" }, { "category": "summary", "text": "Artemis: Deserialization of untrusted input vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4978" }, { "category": "external", "summary": "RHBZ#1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4978" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978" } ], "release_date": "2016-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:51:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1451" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Artemis: Deserialization of untrusted input vulnerability" }, { "cve": "CVE-2017-3163", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1454783" } ], "notes": [ { "category": "description", "text": "When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.", "title": "Vulnerability description" }, { "category": "summary", "text": "solr: Directory traversal via Index Replication HTTP API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3163" }, { "category": "external", "summary": "RHBZ#1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3163", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163" } ], "release_date": "2017-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:51:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1451" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "solr: Directory traversal via Index Replication HTTP API" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-15095", "cwe": { "id": "CWE-184", "name": "Incomplete List of Disallowed Inputs" }, "discovery_date": "2017-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506612" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15095" }, { "category": "external", "summary": "RHBZ#1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15095", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:51:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)" }, { "acknowledgments": [ { "names": [ "0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4" ] } ], "cve": "CVE-2017-17485", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528565" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-17485" }, { "category": "external", "summary": "RHBZ#1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-17485", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:51:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1451" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:51:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1451" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-7489", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1549276" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates.\n\nSatellite 6.2 does not support c3p0 classes. Since the latter are required for this flaw, therefore Satellite 6.2 is not affected. Satellite 6.3 and 6.4 are not affected because Candlepin does not use polymorphic deserialization.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7489" }, { "category": "external", "summary": "RHBZ#1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2018-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:51:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "category": "workaround", "details": "Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:\n\nhttps://access.redhat.com/solutions/3279231\nhttps://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization\n\nGeneral Mitigation: \nTry to avoid \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:51:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1451" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.20-1.Final_redhat_1.ep6.el6.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_2419
Vulnerability from csaf_redhat
Published
2018-08-15 07:41
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.11 security update
Notes
Topic
An update is now available for Red Hat JBoss BPM Suite.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.
This release of Red Hat JBoss BPM Suite 6.4.11 serves as a replacement for Red Hat JBoss BPM Suite 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss BPM Suite.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.\n\nThis release of Red Hat JBoss BPM Suite 6.4.11 serves as a replacement for Red Hat JBoss BPM Suite 6.4.10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2419", "url": "https://access.redhat.com/errata/RHSA-2018:2419" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=rhpam\u0026downloadType=securityPatches\u0026version=6.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=rhpam\u0026downloadType=securityPatches\u0026version=6.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/6.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/6.4/" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2419.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.11 security update", "tracking": { "current_release_date": "2024-11-25T12:10:43+00:00", "generator": { "date": "2024-11-25T12:10:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2419", "initial_release_date": "2018-08-15T07:41:36+00:00", "revision_history": [ { "date": "2018-08-15T07:41:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-15T07:41:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:10:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss BPMS 6.4", "product": { "name": "Red Hat JBoss BPMS 6.4", "product_id": "Red Hat JBoss BPMS 6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_bpms:6.4" } } } ], "category": "product_family", "name": "Red Hat Process Automation Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BPMS 6.4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-15T07:41:36+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss BPMS 6.4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2419" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss BPMS 6.4" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
rhsa-2018_0582
Vulnerability from csaf_redhat
Published
2018-03-26 09:29
Modified
2024-11-25 12:09
Summary
Red Hat Security Advisory: rh-maven35-slf4j security update
Notes
Topic
An update for rh-maven35-slf4j is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).
Security Fix(es):
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-maven35-slf4j is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).\n\nSecurity Fix(es):\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Chris McCown for reporting this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0582", "url": "https://access.redhat.com/errata/RHSA-2018:0582" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0582.json" } ], "title": "Red Hat Security Advisory: rh-maven35-slf4j security update", "tracking": { "current_release_date": "2024-11-25T12:09:43+00:00", "generator": { "date": "2024-11-25T12:09:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:0582", "initial_release_date": "2018-03-26T09:29:56+00:00", "revision_history": [ { "date": "2018-03-26T09:29:56+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-03-26T09:29:56+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T12:09:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j-jcl@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-jul-to-slf4j@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j-manual@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j-ext@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j-javadoc@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j-log4j12@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j-sources@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-jcl-over-slf4j@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-log4j-over-slf4j@1.7.25-1.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "product": { "name": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "product_id": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j-jdk14@1.7.25-1.3.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "product": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "product_id": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven35-slf4j@1.7.25-1.3.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src" }, "product_reference": "rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch" }, "product_reference": "rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.0" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-26T09:29:56+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0582" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.3.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0-7.4.Z:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Server-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Server-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-jcl-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-jul-to-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-log4j-over-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-0:1.7.25-1.3.el7.src", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-ext-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-javadoc-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jcl-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-jdk14-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-log4j12-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-manual-0:1.7.25-1.3.el7.noarch", "7Workstation-RHSCL-3.0:rh-maven35-slf4j-sources-0:1.7.25-1.3.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
wid-sec-w-2023-3225
Vulnerability from csaf_certbund
Published
2018-03-26 22:00
Modified
2024-05-16 22:00
Summary
SLF4J: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Simple Logging Facade for Java (SLF4J) (SLF4J) bietet eine Java Logging API.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in SLF4J ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Simple Logging Facade for Java (SLF4J) (SLF4J) bietet eine Java Logging API.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in SLF4J ausnutzen, um beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-3225 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-3225.json" }, { "category": "self", "summary": "WID-SEC-2023-3225 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3225" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:0582 vom 2018-03-26", "url": "https://access.redhat.com/errata/RHSA-2018:0582" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:0592 vom 2018-03-26", "url": "https://access.redhat.com/errata/RHSA-2018:0592" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2018-0592 vom 2018-03-26", "url": "http://linux.oracle.com/errata/ELSA-2018-0592.html" }, { "category": "external", "summary": "SLF4J Git Commit", "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2018:0592 vom 2018-03-27", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2018-0592-Important-CentOS-7-slf4j-Security-Update-tp4645019.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:0627 vom 2018-04-03", "url": "http://rhn.redhat.com/errata/RHSA-2018-0627.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:0628 vom 2018-04-03", "url": "http://rhn.redhat.com/errata/RHSA-2018-0628.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:0629 vom 2018-04-03", "url": "http://rhn.redhat.com/errata/RHSA-2018-0629.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:0630 vom 2018-04-03", "url": "http://rhn.redhat.com/errata/RHSA-2018-0630.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:1323 vom 2018-05-07", "url": "https://access.redhat.com/errata/RHSA-2018:1323" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:1525 vom 2018-05-16", "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2018:1744-1 vom 2018-06-20", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181744-1.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2143 vom 2018-07-06", "url": "https://access.redhat.com/errata/RHSA-2018:2143" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2420 vom 2018-08-16", "url": "https://access.redhat.com/errata/RHSA-2018:2420" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2018:2419 vom 2018-08-16", "url": "https://access.redhat.com/errata/RHSA-2018:2419" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20231227-0010 vom 2023-12-27", "url": "https://security.netapp.com/advisory/ntap-20231227-0010/" }, { "category": "external", "summary": "IBM Security Bulletin 7153639 vom 2024-05-17", "url": "https://www.ibm.com/support/pages/node/7153639" } ], "source_lang": "en-US", "title": "SLF4J: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung", "tracking": { "current_release_date": "2024-05-16T22:00:00.000+00:00", "generator": { "date": "2024-08-15T18:03:12.272+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-3225", "initial_release_date": "2018-03-26T22:00:00.000+00:00", "revision_history": [ { "date": "2018-03-26T22:00:00.000+00:00", "number": "1", "summary": "Initial Release" }, { "date": "2018-03-26T22:00:00.000+00:00", "number": "2", "summary": "Version nicht vorhanden" }, { "date": "2018-03-26T22:00:00.000+00:00", "number": "3", "summary": "Version nicht vorhanden" }, { "date": "2018-03-27T22:00:00.000+00:00", "number": "4", "summary": "New remediations available" }, { "date": "2018-04-03T22:00:00.000+00:00", "number": "5", "summary": "New remediations available" }, { "date": "2018-04-03T22:00:00.000+00:00", "number": "6", "summary": "Version nicht vorhanden" }, { "date": "2018-05-06T22:00:00.000+00:00", "number": "7", "summary": "New remediations available" }, { "date": "2018-05-15T22:00:00.000+00:00", "number": "8", "summary": "New remediations available" }, { "date": "2018-06-19T22:00:00.000+00:00", "number": "9", "summary": "New remediations available" }, { "date": "2018-07-05T22:00:00.000+00:00", "number": "10", "summary": "New remediations available" }, { "date": "2018-08-15T22:00:00.000+00:00", "number": "11", "summary": "New remediations available" }, { "date": "2018-09-11T22:00:00.000+00:00", "number": "12", "summary": "Added references" }, { "date": "2023-12-27T23:00:00.000+00:00", "number": "13", "summary": "Produkt NetApp erg\u00e4nzt" }, { "date": "2024-05-16T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "14" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "for Linux", "product": { "name": "NetApp ActiveIQ Unified Manager for Linux", "product_id": "T023548", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_linux" } } }, { "category": "product_version", "name": "for VMware vSphere", "product": { "name": "NetApp ActiveIQ Unified Manager for VMware vSphere", "product_id": "T025152", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere" } } }, { "category": "product_version", "name": "for Microsoft Windows", "product": { "name": "NetApp ActiveIQ Unified Manager for Microsoft Windows", "product_id": "T025631", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows" } } } ], "category": "product_name", "name": "ActiveIQ Unified Manager" } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "category": "product_name", "name": "Open Source CentOS", "product": { "name": "Open Source CentOS", "product_id": "1727", "product_identification_helper": { "cpe": "cpe:/o:centos:centos:-" } } }, { "category": "product_name", "name": "Open Source SLF4J", "product": { "name": "Open Source SLF4J", "product_id": "T011986", "product_identification_helper": { "cpe": "cpe:/a:open_source:slf4j:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "7", "product": { "name": "Oracle Linux 7", "product_id": "287065", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:7" } } } ], "category": "product_name", "name": "Linux" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "T006643", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } } ], "category": "product_name", "name": "Enterprise Linux" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-8088", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in SLF4J im \"EventData\" constructor in [ext/EventData.java] bez\u00fcglich Deserialisierung. Ein Angreifer kann dies mit geeigneten Daten ausnutzen, um beliebigen Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T023548", "T006643", "T025152", "T002207", "T011986", "T025631", "1727", "287065" ] }, "release_date": "2018-03-26T22:00:00.000+00:00", "title": "CVE-2018-8088" } ] }
ghsa-w77p-8cfg-2x43
Vulnerability from github
Published
2022-05-13 01:04
Modified
2022-06-29 18:51
Severity ?
Summary
Improper Access Control in SLF4J
Details
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta4
allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version 1.7.26
and later and in the 2.0.x
series.
Note that while the fix commit is associated with the tag 1.8.0-beta3
, the versions in Maven go directly from 1.8.0-beta2
to 1.8.0-beta4
.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 1.7.25" }, "package": { "ecosystem": "Maven", "name": "org.slf4j:slf4j-ext" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.7.26" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 1.8.0-beta2" }, "package": { "ecosystem": "Maven", "name": "org.slf4j:slf4j-ext" }, "ranges": [ { "events": [ { "introduced": "1.8.0-alpha0" }, { "fixed": "1.8.0-beta4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-8088" ], "database_specific": { "cwe_ids": [ "CWE-284" ], "github_reviewed": true, "github_reviewed_at": "2022-06-29T18:51:39Z", "nvd_published_at": "2018-03-20T16:29:00Z", "severity": "CRITICAL" }, "details": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before `1.8.0-beta4` allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J version `1.7.26` and later and in the `2.0.x` series.\n\nNote that while the [fix commit](https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405) is associated with the tag `1.8.0-beta3`, the versions in [Maven](https://mvnrepository.com/artifact/org.slf4j/slf4j-ext) go directly from `1.8.0-beta2` to `1.8.0-beta4`.", "id": "GHSA-w77p-8cfg-2x43", "modified": "2022-06-29T18:51:39Z", "published": "2022-05-13T01:04:09Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" }, { "type": "WEB", "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991@%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042@%3Ccommits.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa@%3Cdev.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729@%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25@%3Cnotifications.logging.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541@%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3@%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e@%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://www.slf4j.org/news.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20231227-0010" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9@%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c@%3Cdev.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378@%3Ccommon-dev.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462@%3Ccommon-commits.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78@%3Ccommon-commits.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db@%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2420" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2419" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2143" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1575" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1323" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1251" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1249" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1248" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:1247" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0630" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0629" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0628" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0627" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0592" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0582" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5@%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42@%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe@%3Cnotifications.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489@%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa@%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E" }, { "type": "WEB", "url": "https://jira.qos.ch/browse/SLF4J-431" }, { "type": "WEB", "url": "https://jira.qos.ch/browse/SLF4J-430" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2930" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/103737" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1040627" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Improper Access Control in SLF4J" }
gsd-2018-8088
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2018-8088", "description": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.", "id": "GSD-2018-8088", "references": [ "https://www.suse.com/security/cve/CVE-2018-8088.html", "https://access.redhat.com/errata/RHSA-2020:2561", "https://access.redhat.com/errata/RHSA-2019:3140", "https://access.redhat.com/errata/RHSA-2019:2413", "https://access.redhat.com/errata/RHSA-2018:2930", "https://access.redhat.com/errata/RHSA-2018:2669", "https://access.redhat.com/errata/RHSA-2018:2420", "https://access.redhat.com/errata/RHSA-2018:2419", "https://access.redhat.com/errata/RHSA-2018:2143", "https://access.redhat.com/errata/RHSA-2018:1575", "https://access.redhat.com/errata/RHSA-2018:1525", "https://access.redhat.com/errata/RHSA-2018:1451", "https://access.redhat.com/errata/RHSA-2018:1450", "https://access.redhat.com/errata/RHSA-2018:1449", "https://access.redhat.com/errata/RHSA-2018:1448", "https://access.redhat.com/errata/RHSA-2018:1447", "https://access.redhat.com/errata/RHSA-2018:1323", "https://access.redhat.com/errata/RHSA-2018:1251", "https://access.redhat.com/errata/RHSA-2018:1249", "https://access.redhat.com/errata/RHSA-2018:1248", "https://access.redhat.com/errata/RHSA-2018:1247", "https://access.redhat.com/errata/RHSA-2018:0630", "https://access.redhat.com/errata/RHSA-2018:0629", "https://access.redhat.com/errata/RHSA-2018:0628", "https://access.redhat.com/errata/RHSA-2018:0627", "https://access.redhat.com/errata/RHSA-2018:0592", "https://access.redhat.com/errata/RHSA-2018:0582", "https://linux.oracle.com/cve/CVE-2018-8088.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-8088" ], "details": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.", "id": "GSD-2018-8088", "modified": "2023-12-13T01:22:34.086437Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8088", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:1448", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "name": "1040627", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040627" }, { "name": "RHSA-2018:1449", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "name": "https://jira.qos.ch/browse/SLF4J-431", "refsource": "MISC", "url": "https://jira.qos.ch/browse/SLF4J-431" }, { "name": "RHSA-2018:1248", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1248" }, { "name": "RHSA-2018:1251", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1251" }, { "name": "RHSA-2018:2143", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2143" }, { "name": "RHSA-2018:1450", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "name": "RHSA-2018:2669", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "name": "RHSA-2018:1323", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1323" }, { "name": "RHSA-2018:2420", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2420" }, { "name": "RHSA-2018:0630", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0630" }, { "name": "RHSA-2018:1525", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "name": "RHSA-2018:1575", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1575" }, { "name": "RHSA-2018:1451", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "name": "RHSA-2018:0629", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0629" }, { "name": "RHSA-2018:0628", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0628" }, { "name": "RHSA-2018:0582", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0582" }, { "name": "103737", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103737" }, { "name": "RHSA-2018:2419", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2419" }, { "name": "RHSA-2018:1447", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "name": "RHSA-2018:1247", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1247" }, { "name": "RHSA-2018:0627", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0627" }, { "name": "RHSA-2018:2930", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2930" }, { "name": "RHSA-2018:1249", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1249" }, { "name": "RHSA-2018:0592", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0592" }, { "name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E" }, { "name": "[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E" }, { "name": "RHSA-2019:2413", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { "name": "RHSA-2019:3140", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://jira.qos.ch/browse/SLF4J-431", "refsource": "MISC", "url": "https://jira.qos.ch/browse/SLF4J-431" }, { "name": "https://jira.qos.ch/browse/SLF4J-430", "refsource": "MISC", "url": "https://jira.qos.ch/browse/SLF4J-430" }, { "name": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405", "refsource": "MISC", "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405" }, { "name": "[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378@%3Ccommon-dev.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991@%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-commits] 20200824 [hadoop] branch branch-3.3 updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78@%3Ccommon-commits.hadoop.apache.org%3E" }, { "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489@%3Ccommon-issues.hadoop.apache.org%3E" }, { "name": "[hadoop-common-commits] 20200824 [hadoop] branch trunk updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462@%3Ccommon-commits.hadoop.apache.org%3E" }, { "name": "[logging-notifications] 20200825 [jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25@%3Cnotifications.logging.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" }, { "name": "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E" }, { "name": "[iotdb-notifications] 20210325 [jira] [Created] (IOTDB-1258) jcl-over-slf4j have Security Vulnerabilities CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe@%3Cnotifications.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 closed pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e@%3Creviews.iotdb.apache.org%3E" }, { "name": "[zookeeper-issues] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210327 [jira] [Updated] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c@%3Cdev.zookeeper.apache.org%3E" }, { "name": "[zookeeper-issues] 20210328 [jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a@%3Cissues.zookeeper.apache.org%3E" }, { "name": "[iotdb-reviews] 20210328 [GitHub] [iotdb] HTHou merged pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9@%3Creviews.iotdb.apache.org%3E" }, { "name": "[iotdb-commits] 20210328 [iotdb] branch master updated: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 (#2906)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042@%3Ccommits.iotdb.apache.org%3E" }, { "name": "[flink-dev] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa@%3Cdev.flink.apache.org%3E" }, { "name": "[flink-issues] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210721 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210725 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db@%3Cissues.flink.apache.org%3E" }, { "name": "[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541@%3Cissues.flink.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.slf4j.org/news.html", "refsource": "MISC", "url": "https://www.slf4j.org/news.html" }, { "name": "https://security.netapp.com/advisory/ntap-20231227-0010/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20231227-0010/" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,1.7.25],[1.8.0-alpha0,1.8.0-beta2]", "affected_versions": "All versions up to 1.7.25, all versions starting from 1.8.0-alpha0 up to 1.8.0-beta2", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2022-06-29", "description": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.", "fixed_versions": [ "1.7.26", "1.8.0-beta4" ], "identifier": "CVE-2018-8088", "identifiers": [ "GHSA-w77p-8cfg-2x43", "CVE-2018-8088" ], "not_impacted": "All versions after 1.7.25 before 1.8.0-alpha0, all versions after 1.8.0-beta2", "package_slug": "maven/org.slf4j/slf4j-ext", "pubdate": "2022-05-13", "solution": "Upgrade to versions 1.7.26, 1.8.0-beta4 or above. *Note*: 1.8.0-beta4 may be an unstable version. Use caution.", "title": "Improper Access Control in SLF4J", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405", "https://access.redhat.com/errata/RHSA-2018:0582", "https://access.redhat.com/errata/RHSA-2018:0592", "https://access.redhat.com/errata/RHSA-2018:0627", "https://access.redhat.com/errata/RHSA-2018:0628", "https://access.redhat.com/errata/RHSA-2018:0629", "https://access.redhat.com/errata/RHSA-2018:0630", "https://access.redhat.com/errata/RHSA-2018:1247", "https://access.redhat.com/errata/RHSA-2018:1248", "https://access.redhat.com/errata/RHSA-2018:1249", "https://access.redhat.com/errata/RHSA-2018:1251", "https://access.redhat.com/errata/RHSA-2018:1323", "https://access.redhat.com/errata/RHSA-2018:1447", "https://access.redhat.com/errata/RHSA-2018:1448", "https://access.redhat.com/errata/RHSA-2018:1449", "https://access.redhat.com/errata/RHSA-2018:1450", "https://access.redhat.com/errata/RHSA-2018:1451", "https://access.redhat.com/errata/RHSA-2018:1525", "https://access.redhat.com/errata/RHSA-2018:1575", "https://access.redhat.com/errata/RHSA-2018:2143", "https://access.redhat.com/errata/RHSA-2018:2419", "https://access.redhat.com/errata/RHSA-2018:2420", "https://access.redhat.com/errata/RHSA-2018:2669", "https://access.redhat.com/errata/RHSA-2018:2930", "https://access.redhat.com/errata/RHSA-2019:2413", "https://access.redhat.com/errata/RHSA-2019:3140", "https://jira.qos.ch/browse/SLF4J-430", "https://jira.qos.ch/browse/SLF4J-431", "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E", "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E", "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa@%3Cissues.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489@%3Ccommon-issues.hadoop.apache.org%3E", "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe@%3Cnotifications.iotdb.apache.org%3E", "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42@%3Creviews.iotdb.apache.org%3E", "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56@%3Cissues.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5@%3Creviews.iotdb.apache.org%3E", "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e@%3Creviews.iotdb.apache.org%3E", "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@%3Ccommon-issues.hadoop.apache.org%3E", "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25@%3Cnotifications.logging.apache.org%3E", "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf@%3Ccommits.pulsar.apache.org%3E", "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa@%3Cdev.flink.apache.org%3E", "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042@%3Ccommits.iotdb.apache.org%3E", "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991@%3Ccommon-issues.hadoop.apache.org%3E", "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a@%3Cissues.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db@%3Cissues.flink.apache.org%3E", "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78@%3Ccommon-commits.hadoop.apache.org%3E", "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462@%3Ccommon-commits.hadoop.apache.org%3E", "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378@%3Ccommon-dev.hadoop.apache.org%3E", "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c@%3Cdev.zookeeper.apache.org%3E", "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9@%3Creviews.iotdb.apache.org%3E", "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@%3Ccommon-issues.hadoop.apache.org%3E", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpuoct2020.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://github.com/advisories/GHSA-w77p-8cfg-2x43" ], "uuid": "269ad388-bcc1-43e6-98ab-061a5bb0477c" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qos:slf4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "D42F1233-D2BD-4CF0-94F9-8BE35346BC1F", "versionEndExcluding": "1.7.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:qos:slf4j:1.8.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "53E5592F-9FFB-4ABE-82B9-D6A130359C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qos:slf4j:1.8.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "51E52584-4E04-40CE-AD6D-7D2B9A97DF2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qos:slf4j:1.8.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "9EA01C6A-4A37-436E-939E-A4C6E29D0F81", "vulnerable": true }, { "criteria": "cpe:2.3:a:qos:slf4j:1.8.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "BA0E73F4-0197-422E-B454-A6090BD1D911", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7117F117-D439-45EB-BB95-397E5E52C9BB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1ABA871-3271-48E2-A69C-5AD70AF94E53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4", "versionEndExcluding": "19.1.0.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7715FC4-631E-462D-AD59-F44235C19837", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2224F133-2D7D-4F3A-995A-31599C579ADB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA3D0BC5-109D-4405-8566-3C91A20EA3A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5BBA303-8D2B-48C5-B52A-4E192166699C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series." }, { "lang": "es", "value": "org.slf4j.ext.EventData en el m\u00f3dulo slf4j-ext en QOS.CH SLF4J antes de la versi\u00f3n 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a trav\u00e9s de datos manipulados. EventData en el m\u00f3dulo slf4j-ext en QOS.CH SLF4J, ha sido corregido en las versiones 1.7.26 posteriores de SLF4J y en la serie 2.0.x" } ], "id": "CVE-2018-8088", "lastModified": "2023-12-27T15:15:44.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-20T16:29:00.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103737" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040627" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0582" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0592" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0627" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0628" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0629" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0630" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1247" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1248" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1249" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1251" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1323" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1575" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2143" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2419" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2420" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2930" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2413" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://jira.qos.ch/browse/SLF4J-430" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://jira.qos.ch/browse/SLF4J-431" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20231227-0010/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "cve@mitre.org", "url": "https://www.slf4j.org/news.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.