RHSA-2023:7638
Vulnerability Summary
Timeline
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- redhat•eap7-activemq-artemis
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-cli
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-commons
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-core-client
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-dto
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-hornetq-protocol
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-hqclient-protocol
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-jdbc-store
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-jms-client
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-jms-server
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-journal
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-ra
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-selector
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-server
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-service-extensions
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-activemq-artemis-tools
< 0:2.16.0-17.redhat_00051.1.el8eap
- redhat•eap7-apache-sshd
< 0:2.9.3-1.redhat_00001.1.el8eap
- redhat•eap7-avro
< 0:1.11.3-1.redhat_00001.1.el8eap
- redhat•eap7-guava
< 0:32.1.1-2.jre_redhat_00001.1.el8eap
- redhat•eap7-guava-libraries
< 0:32.1.1-2.jre_redhat_00001.1.el8eap
- redhat•eap7-hal-console
< 0:3.3.20-1.Final_redhat_00001.1.el8eap
- redhat•eap7-hibernate
< 0:5.3.32-1.Final_redhat_00001.1.el8eap
- redhat•eap7-hibernate-core
< 0:5.3.32-1.Final_redhat_00001.1.el8eap
- redhat•eap7-hibernate-entitymanager
< 0:5.3.32-1.Final_redhat_00001.1.el8eap
- redhat•eap7-hibernate-envers
< 0:5.3.32-1.Final_redhat_00001.1.el8eap
- redhat•eap7-hibernate-java8
< 0:5.3.32-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-cachestore-jdbc
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-cachestore-remote
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-client-hotrod
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-commons
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-component-annotations
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-core
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-hibernate-cache-commons
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-hibernate-cache-spi
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-infinispan-hibernate-cache-v53
< 0:11.0.18-1.Final_redhat_00001.1.el8eap
- redhat•eap7-jandex
< 0:2.4.4-1.Final_redhat_00001.1.el8eap
- redhat•eap7-jboss-jsp-api_2.3_spec
< 0:2.0.1-1.Final_redhat_00001.1.el8eap
- redhat•eap7-jboss-marshalling
< 0:2.0.14-1.SP1_redhat_00001.1.el8eap
- redhat•eap7-jboss-marshalling-river
< 0:2.0.14-1.SP1_redhat_00001.1.el8eap
- redhat•eap7-jboss-server-migration
< 0:1.10.0-33.Final_redhat_00032.1.el8eap
- redhat•eap7-jboss-server-migration-cli
< 0:1.10.0-33.Final_redhat_00032.1.el8eap
- redhat•eap7-jboss-server-migration-core
< 0:1.10.0-33.Final_redhat_00032.1.el8eap
- redhat•eap7-jboss-xnio-base
< 0:3.8.11-1.SP1_redhat_00001.1.el8eap
- redhat•eap7-jbossws-cxf
< 0:5.4.9-1.Final_redhat_00001.1.el8eap
- redhat•eap7-jgroups
< 0:4.2.23-1.Final_redhat_00001.1.el8eap
- redhat•eap7-undertow
< 0:2.2.28-1.SP1_redhat_00001.1.el8eap
- redhat•eap7-weld-core
< 0:3.1.10-2.Final_redhat_00001.1.el8eap
- redhat•eap7-weld-core-impl
< 0:3.1.10-2.Final_redhat_00001.1.el8eap
- redhat•eap7-weld-core-jsf
< 0:3.1.10-2.Final_redhat_00001.1.el8eap
Showing first 50 affected entries in server-rendered view.
References (69)
- https://access.redhat.com/errata/RHSA-2023:7638
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- https://bugzilla.redhat.com/show_bug.cgi?id=2184751
- https://bugzilla.redhat.com/show_bug.cgi?id=2215229
- https://bugzilla.redhat.com/show_bug.cgi?id=2236340
- https://bugzilla.redhat.com/show_bug.cgi?id=2236341
- https://bugzilla.redhat.com/show_bug.cgi?id=2240036
- https://bugzilla.redhat.com/show_bug.cgi?id=2242521
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803
- https://issues.redhat.com/browse/JBEAP-25004
- https://issues.redhat.com/browse/JBEAP-25085
- https://issues.redhat.com/browse/JBEAP-25086
- https://issues.redhat.com/browse/JBEAP-25378
- https://issues.redhat.com/browse/JBEAP-25380
- https://issues.redhat.com/browse/JBEAP-25419
- https://issues.redhat.com/browse/JBEAP-25451
- https://issues.redhat.com/browse/JBEAP-25457
- https://issues.redhat.com/browse/JBEAP-25541
- https://issues.redhat.com/browse/JBEAP-25547
- https://issues.redhat.com/browse/JBEAP-25576
- https://issues.redhat.com/browse/JBEAP-25594
- https://issues.redhat.com/browse/JBEAP-25627
- https://issues.redhat.com/browse/JBEAP-25657
- https://issues.redhat.com/browse/JBEAP-25685
- https://issues.redhat.com/browse/JBEAP-25700
- https://issues.redhat.com/browse/JBEAP-25716
- https://issues.redhat.com/browse/JBEAP-25726
- https://issues.redhat.com/browse/JBEAP-25772
- https://issues.redhat.com/browse/JBEAP-25779
- https://issues.redhat.com/browse/JBEAP-25803
- https://issues.redhat.com/browse/JBEAP-25838
- https://issues.redhat.com/browse/JBEAP-26041
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7638.json
- https://access.redhat.com/security/cve/CVE-2023-2976
- https://www.cve.org/CVERecord?id=CVE-2023-2976
- https://nvd.nist.gov/vuln/detail/CVE-2023-2976
- https://access.redhat.com/security/cve/CVE-2023-4503
- https://www.cve.org/CVERecord?id=CVE-2023-4503
- https://nvd.nist.gov/vuln/detail/CVE-2023-4503
- https://access.redhat.com/security/cve/CVE-2023-5685
- https://bugzilla.redhat.com/show_bug.cgi?id=2241822
- https://www.cve.org/CVERecord?id=CVE-2023-5685
- https://nvd.nist.gov/vuln/detail/CVE-2023-5685
- https://access.redhat.com/security/cve/CVE-2023-26048
- https://www.cve.org/CVERecord?id=CVE-2023-26048
- https://nvd.nist.gov/vuln/detail/CVE-2023-26048
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
- https://access.redhat.com/security/cve/CVE-2023-26049
- https://www.cve.org/CVERecord?id=CVE-2023-26049
- https://nvd.nist.gov/vuln/detail/CVE-2023-26049
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
- https://access.redhat.com/security/cve/CVE-2023-35887
- https://www.cve.org/CVERecord?id=CVE-2023-35887
- https://nvd.nist.gov/vuln/detail/CVE-2023-35887
- https://access.redhat.com/security/cve/CVE-2023-39410
- https://www.cve.org/CVERecord?id=CVE-2023-39410
- https://nvd.nist.gov/vuln/detail/CVE-2023-39410
- https://issues.apache.org/jira/browse/AVRO-3819
- https://access.redhat.com/security/cve/CVE-2023-44487
- https://www.cve.org/CVERecord?id=CVE-2023-44487
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487
- https://github.com/dotnet/announcements/issues/277
- https://pkg.go.dev/vuln/GO-2023-2102
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog