RHSA-2024:5145
Vulnerability Summary
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
CVSS Metrics
- v3.1 • HIGH • Score: 7.5 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- redhat•eap7-bouncycastle
< 0:1.78.1-1.redhat_00002.1.el9eap
- redhat•eap7-bouncycastle-mail
< 0:1.78.1-1.redhat_00002.1.el9eap
- redhat•eap7-bouncycastle-pg
< 0:1.78.1-1.redhat_00002.1.el9eap
- redhat•eap7-bouncycastle-pkix
< 0:1.78.1-1.redhat_00002.1.el9eap
- redhat•eap7-bouncycastle-prov
< 0:1.78.1-1.redhat_00002.1.el9eap
- redhat•eap7-bouncycastle-util
< 0:1.78.1-1.redhat_00002.1.el9eap
- redhat•eap7-hal-console
< 0:3.3.23-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-api
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-impl
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-common-spi
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-core-api
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-core-impl
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-deployers-common
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-jdbc
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-ironjacamar-validator
< 0:1.5.17-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jandex
< 0:2.4.5-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-remoting
< 0:5.0.29-1.Final_redhat_00001.1.el9eap
- redhat•eap7-jboss-server-migration
< 0:1.10.0-37.Final_redhat_00037.1.el9eap
- redhat•eap7-jboss-server-migration-cli
< 0:1.10.0-37.Final_redhat_00037.1.el9eap
- redhat•eap7-jboss-server-migration-core
< 0:1.10.0-37.Final_redhat_00037.1.el9eap
- redhat•eap7-jboss-xnio-base
< 0:3.8.16-1.Final_redhat_00001.1.el9eap
- redhat•eap7-log4j-jboss-logmanager
< 0:1.3.1-1.Final_redhat_00002.1.el9eap
- redhat•eap7-netty
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-buffer
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-dns
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-haproxy
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-http
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-http2
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-memcache
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-mqtt
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-redis
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-smtp
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-socks
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-stomp
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-codec-xml
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-common
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-handler
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-handler-proxy
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-resolver
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-resolver-dns
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-resolver-dns-classes-macos
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-transport
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-transport-classes-epoll
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-transport-classes-kqueue
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-transport-native-epoll
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-transport-native-epoll-debuginfo
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-transport-native-unix-common
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
- redhat•eap7-netty-transport-rxtx
< 0:4.1.108-1.Final_redhat_00001.1.el9eap
Showing first 50 affected entries in server-rendered view.
References (54)
- https://access.redhat.com/errata/RHSA-2024:5145
- https://access.redhat.com/articles/7073034
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- https://bugzilla.redhat.com/show_bug.cgi?id=2268277
- https://bugzilla.redhat.com/show_bug.cgi?id=2272907
- https://bugzilla.redhat.com/show_bug.cgi?id=2274437
- https://bugzilla.redhat.com/show_bug.cgi?id=2276360
- https://bugzilla.redhat.com/show_bug.cgi?id=2292211
- https://bugzilla.redhat.com/show_bug.cgi?id=2293025
- https://bugzilla.redhat.com/show_bug.cgi?id=2293028
- https://issues.redhat.com/browse/JBEAP-26292
- https://issues.redhat.com/browse/JBEAP-26835
- https://issues.redhat.com/browse/JBEAP-27017
- https://issues.redhat.com/browse/JBEAP-27056
- https://issues.redhat.com/browse/JBEAP-27078
- https://issues.redhat.com/browse/JBEAP-27079
- https://issues.redhat.com/browse/JBEAP-27101
- https://issues.redhat.com/browse/JBEAP-27181
- https://issues.redhat.com/browse/JBEAP-27290
- https://issues.redhat.com/browse/JBEAP-27352
- https://issues.redhat.com/browse/JBEAP-27353
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5145.json
- https://access.redhat.com/security/cve/CVE-2024-3653
- https://www.cve.org/CVERecord?id=CVE-2024-3653
- https://nvd.nist.gov/vuln/detail/CVE-2024-3653
- https://access.redhat.com/security/cve/CVE-2024-5971
- https://www.cve.org/CVERecord?id=CVE-2024-5971
- https://nvd.nist.gov/vuln/detail/CVE-2024-5971
- https://access.redhat.com/security/cve/CVE-2024-27316
- https://www.cve.org/CVERecord?id=CVE-2024-27316
- https://nvd.nist.gov/vuln/detail/CVE-2024-27316
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://nowotarski.info/http2-continuation-flood/
- https://www.kb.cert.org/vuls/id/421644
- https://access.redhat.com/security/cve/CVE-2024-29025
- https://www.cve.org/CVERecord?id=CVE-2024-29025
- https://nvd.nist.gov/vuln/detail/CVE-2024-29025
- https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
- https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
- https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
- https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://access.redhat.com/security/cve/CVE-2024-29857
- https://www.cve.org/CVERecord?id=CVE-2024-29857
- https://nvd.nist.gov/vuln/detail/CVE-2024-29857
- https://access.redhat.com/security/cve/CVE-2024-30171
- https://www.cve.org/CVERecord?id=CVE-2024-30171
- https://nvd.nist.gov/vuln/detail/CVE-2024-30171
- https://people.redhat.com/~hkario/marvin/
- https://access.redhat.com/security/cve/CVE-2024-30172
- https://www.cve.org/CVERecord?id=CVE-2024-30172
- https://nvd.nist.gov/vuln/detail/CVE-2024-30172
- https://www.bouncycastle.org/latest_releases.html