rhsa-2020_0962
Vulnerability from csaf_redhat
Published
2020-03-24 11:31
Modified
2024-12-08 11:14
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
Security Fix(es):
* The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
* libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)
* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nSecurity Fix(es):\n\n* The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887) \n\n* libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:0962", "url": "https://access.redhat.com/errata/RHSA-2020:0962" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/" }, { "category": "external", "summary": "1764607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764607" }, { "category": "external", "summary": "1764612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764612" }, { "category": "external", "summary": "1772008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008" }, { "category": "external", "summary": "1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0962.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update", "tracking": { "current_release_date": "2024-12-08T11:14:04+00:00", "generator": { "date": "2024-12-08T11:14:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2020:0962", "initial_release_date": "2020-03-24T11:31:04+00:00", "revision_history": [ { "date": "2020-03-24T11:31:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-03-24T11:31:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-08T11:14:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product": { "name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product": { "name": "Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-core@0.34.1-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-thrift@0.34.1-1.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-core@0.34.1-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-thrift@0.34.1-1.redhat_00002.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-core@0.34.1-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product_id": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-thrift@0.34.1-1.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "product": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "product": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "product": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "product": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "product": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64-debuginfo@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "product_id": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64-debuginfo@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64-debuginfo@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src" }, "product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src" }, "product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server", "product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "relates_to_product_reference": "6Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for BaseOS-8", "product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-0205", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1764612" } ], "notes": [ { "category": "description", "text": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: Endless loop when feed with specific input data", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains a vulnerable version of libthrift. However, OpenDaylight does not expose libthrift in a vulnerable way, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe thrift package in OpenShift Container Platform is installed only in Curator images in the Logging stack. The affected code is included in this package, it\u0027s functionality is not used. This vulnerability is therefore rated Low for OpenShift Container Platform.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0205" }, { "category": "external", "summary": "RHBZ#1764612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0205", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0205", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0205" } ], "release_date": "2019-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-24T11:31:04+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0962" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "thrift: Endless loop when feed with specific input data" }, { "cve": "CVE-2019-0210", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2019-10-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1764607" } ], "notes": [ { "category": "description", "text": "In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.", "title": "Vulnerability description" }, { "category": "summary", "text": "thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains a vulnerable version of libthrift. However, OpenDaylight is not affected as this is a Golang specific problem, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe version of thrift delivered in OpenShift Container Platform is not affected by this vulnerability as it does not contain the affected code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0210" }, { "category": "external", "summary": "RHBZ#1764607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764607" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0210", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0210" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0210", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0210" } ], "release_date": "2019-10-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-24T11:31:04+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0962" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol" }, { "cve": "CVE-2019-14887", "cwe": { "id": "CWE-757", "name": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)" }, "discovery_date": "2019-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1772008" } ], "notes": [ { "category": "description", "text": "A flaw was found when an OpenSSL security provider is used with Wildfly, the \u0027enabled-protocols\u0027 value in the Wildfly configuration isn\u0027t honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14887" }, { "category": "external", "summary": "RHBZ#1772008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14887", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14887" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887" } ], "release_date": "2020-03-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-24T11:31:04+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0962" }, { "category": "workaround", "details": "Avoid using an OpenSSL security provider and instead use the default configuration or regular JSSE provider with \u0027TLS\u0027.", "product_ids": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use" }, { "acknowledgments": [ { "names": [ "Steve Zapantis", "Robert Roberson", "taktakdb4g" ] } ], "cve": "CVE-2020-1745", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807305" } ], "notes": [ { "category": "description", "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1745" }, { "category": "external", "summary": "RHBZ#1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-03-24T11:31:04+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:0962" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: AJP File Read/Inclusion Vulnerability" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.