RHSA-2025:9583
Vulnerability from csaf_redhat - Published: 2025-06-25 00:16 - Updated: 2026-05-14 22:33Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.13, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.3.z] (CVE-2023-1973)
* undertow: Infinite loop in SslConduit during close [eap-7.3.z] (CVE-2023-1108)
* undertow: OutOfMemoryError due to @MultipartConfig handling [eap-7.3.z] (CVE-2023-3223)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.3.z] (CVE-2024-1635)
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.3.z] (CVE-2024-1249)
* undertow: Server identity in https connection is not checked by the undertow client [eap-7.3.z] (CVE-2022-4492)
* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.3.z] (CVE-2022-1259)
* undertow: Large AJP request may cause DoS [eap-7.3.z] (CVE-2022-2053)
* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.3.z] (CVE-2023-5379)
* undertow: Double AJP response for 400 from EAP 7 results in CPING failures [eap-7.3.z] (CVE-2022-1319)
* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.3.z] (CVE-2024-1233)
* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.3.z] (CVE-2022-3143)
* netty-all: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.3.z] (CVE-2021-37137)
* netty-all: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data [eap-7.3.z] (CVE-2021-37136)
* jackson-databind: denial of service via a large depth of nested objects [eap-7.3.z] (CVE-2020-36518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
7.4 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
7.3 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.
7.5 (High)
Affected products
Fixed
53 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
84 references
Acknowledgments
System and Software Security Lab in Fudan University
Keke Lian & Haoran Zhao
Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.13, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.3.z] (CVE-2023-1973)\n\n* undertow: Infinite loop in SslConduit during close [eap-7.3.z] (CVE-2023-1108)\n\n* undertow: OutOfMemoryError due to @MultipartConfig handling [eap-7.3.z] (CVE-2023-3223)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.3.z] (CVE-2024-1635)\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS [eap-7.3.z] (CVE-2024-1249)\n\n* undertow: Server identity in https connection is not checked by the undertow client [eap-7.3.z] (CVE-2022-4492)\n\n* undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) [eap-7.3.z] (CVE-2022-1259)\n\n* undertow: Large AJP request may cause DoS [eap-7.3.z] (CVE-2022-2053)\n\n* undertow: AJP Request closes connection exceeding maxRequestSize [eap-7.3.z] (CVE-2023-5379)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures [eap-7.3.z] (CVE-2022-1319)\n\n* eap: JBoss EAP: wildfly-elytron has a SSRF security issue [eap-7.3.z] (CVE-2024-1233)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator [eap-7.3.z] (CVE-2022-3143)\n\n* netty-all: netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way [eap-7.3.z] (CVE-2021-37137)\n\n* netty-all: netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data [eap-7.3.z] (CVE-2021-37136)\n\n* jackson-databind: denial of service via a large depth of nested objects [eap-7.3.z] (CVE-2020-36518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9583",
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "2262918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262918"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-29448",
"url": "https://issues.redhat.com/browse/JBEAP-29448"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9583.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.14 Security update",
"tracking": {
"current_release_date": "2026-05-14T22:33:05+00:00",
"generator": {
"date": "2026-05-14T22:33:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2025:9583",
"initial_release_date": "2025-06-25T00:16:10+00:00",
"revision_history": [
{
"date": "2025-06-25T00:16:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-25T00:16:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:33:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-5.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-5.Final_redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-3.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-5.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-4.SP5_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00006.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.14-3.GA_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-16.Final_redhat_00017.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-5.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-5.Final_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-3.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-5.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-4.SP5_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00006.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.14-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-16.Final_redhat_00017.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36518",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: denial of service via a large depth of nested objects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "RHBZ#2064698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2",
"url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2"
}
],
"release_date": "2020-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: denial of service via a large depth of nested objects"
},
{
"cve": "CVE-2021-37136",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004133"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "RHBZ#2004133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data"
},
{
"cve": "CVE-2021-37137",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004135"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "RHBZ#2004135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
}
],
"release_date": "2021-09-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way"
},
{
"cve": "CVE-2022-1259",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2072339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs because of an incomplete fix for CVE-2021-3629.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1259"
},
{
"category": "external",
"summary": "RHBZ#2072339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259"
}
],
"release_date": "2022-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)"
},
{
"cve": "CVE-2022-1319",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2073890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1319"
},
{
"category": "external",
"summary": "RHBZ#2073890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319"
}
],
"release_date": "2022-04-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures"
},
{
"cve": "CVE-2022-2053",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2095862"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Large AJP request may cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 is now in Maintenance Support Phase and is marked Fixed. However, Red Hat Fuse Online does not contain the fix for this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2053"
},
{
"category": "external",
"summary": "RHBZ#2095862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053"
}
],
"release_date": "2022-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Large AJP request may cause DoS"
},
{
"cve": "CVE-2022-3143",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124682"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly-elytron: possible timing attacks via use of unsafe comparator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3143"
},
{
"category": "external",
"summary": "RHBZ#2124682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly-elytron: possible timing attacks via use of unsafe comparator"
},
{
"cve": "CVE-2022-4492",
"cwe": {
"id": "CWE-550",
"name": "Server-generated Error Message Containing Sensitive Information"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153260"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Server identity in https connection is not checked by the undertow client",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4492"
},
{
"category": "external",
"summary": "RHBZ#2153260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
}
],
"release_date": "2022-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Server identity in https connection is not checked by the undertow client"
},
{
"cve": "CVE-2023-1108",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2174246"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Undertow: Infinite loop in SslConduit during close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1108"
},
{
"category": "external",
"summary": "RHBZ#2174246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-m4mm-pg93-fv78",
"url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
}
],
"release_date": "2023-03-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Undertow: Infinite loop in SslConduit during close"
},
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Keke Lian \u0026 Haoran Zhao"
],
"organization": "System and Software Security Lab in Fudan University"
}
],
"cve": "CVE-2023-3223",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"discovery_date": "2023-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2209689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it\u0027s possible to bypass the limit by setting the file name in the request to null.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemoryError due to @MultipartConfig handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3223"
},
{
"category": "external",
"summary": "RHBZ#2209689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3223",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223"
}
],
"release_date": "2023-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: OutOfMemoryError due to @MultipartConfig handling"
},
{
"cve": "CVE-2023-5379",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: AJP Request closes connection exceeding maxRequestSize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to AJP packet size limitation by ProxyIOBufferSize (default: 8192, max: 65536) directive on httpd side, AJP packets larger than 64KB will not reach JBoss EAP. The default value of max-header-size in JBoss EAP 7 is 1048576 (1MiB), therefore, only JBoss EAP instances with max-header-size set to 64 KB or less may be affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5379"
},
{
"category": "external",
"summary": "RHBZ#2242099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5379",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: AJP Request closes connection exceeding maxRequestSize"
},
{
"acknowledgments": [
{
"names": [
"Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab"
]
}
],
"cve": "CVE-2024-1233",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262849"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "EAP: wildfly-elytron has a SSRF security issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The SSRF vulnerability in JwtValidator.resolvePublicKey is considered a moderate severity issue due to its potential to allow unauthorized internal network access and exposure of sensitive information, albeit with certain constraints. The vulnerability leverages the absence of URL whitelisting or filtering when resolving the jku header, which can be exploited to make HTTP requests to arbitrary URLs. While the immediate impact might not directly compromise sensitive data or system integrity, it opens a pathway for attackers to discover and interact with internal services, potentially leading to further exploitation. The exploitation complexity and the need for an attacker to craft a malicious JWT token mitigate the severity to a moderate level, as it requires a certain degree of knowledge and capability to execute effectively.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1233"
},
{
"category": "external",
"summary": "RHBZ#2262849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1233",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1233"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1233"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5",
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"
},
{
"category": "external",
"summary": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523",
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/WFLY-19226",
"url": "https://issues.redhat.com/browse/WFLY-19226"
}
],
"release_date": "2024-04-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "EAP: wildfly-elytron has a SSRF security issue"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-25T00:16:10+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-3.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-3.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-5.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00006.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-16.Final_redhat_00017.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-16.Final_redhat_00017.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-5.Final_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-5.Final_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-4.SP5_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.14-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-0:1.10.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-elytron-tool-0:1.10.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.14-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…