RHSA-2024:5479
Vulnerability Summary
Timeline
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.3 Security update
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- redhat•eap8-activemq-artemis
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-cli
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-commons
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-core-client
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-dto
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-hornetq-protocol
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-hqclient-protocol
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-client
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-ra
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-server
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-service-extensions
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-jdbc-store
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-journal
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-selector
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-activemq-artemis-server
< 0:2.21.0-5.redhat_00052.1.el8eap
- redhat•eap8-angus
< 0:2.0.3-1.redhat_00001.1.el8eap
- redhat•eap8-angus-activation
< 0:2.0.1-3.redhat_00006.1.el8eap
- redhat•eap8-angus-mail
< 0:2.0.3-1.redhat_00001.1.el8eap
- redhat•eap8-apache-commons-beanutils
< 0:1.9.4-13.redhat_00004.1.el8eap
- redhat•eap8-apache-commons-cli
< 0:1.4.0-2.redhat_00003.1.el8eap
- redhat•eap8-apache-commons-codec
< 0:1.15.0-6.redhat_00016.1.el8eap
- redhat•eap8-apache-cxf
< 0:4.0.4-1.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf-rt
< 0:4.0.4-1.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf-services
< 0:4.0.4-1.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf-tools
< 0:4.0.4-1.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf-xjc-utils
< 0:4.0.0-5.redhat_00003.1.el8eap
- redhat•eap8-apache-mime4j
< 0:0.8.11-1.redhat_00001.1.el8eap
- redhat•eap8-apache-mime4j-dom
< 0:0.8.11-1.redhat_00001.1.el8eap
- redhat•eap8-apache-mime4j-storage
< 0:0.8.11-1.redhat_00001.1.el8eap
- redhat•eap8-apache-sshd
< 0:2.12.1-2.redhat_00002.1.el8eap
- redhat•eap8-bouncycastle
< 0:1.78.1-1.redhat_00001.1.el8eap
- redhat•eap8-bouncycastle-jmail
< 0:1.78.1-1.redhat_00001.1.el8eap
- redhat•eap8-bouncycastle-pg
< 0:1.78.1-1.redhat_00001.1.el8eap
- redhat•eap8-bouncycastle-pkix
< 0:1.78.1-1.redhat_00001.1.el8eap
- redhat•eap8-bouncycastle-prov
< 0:1.78.1-1.redhat_00001.1.el8eap
- redhat•eap8-bouncycastle-util
< 0:1.78.1-1.redhat_00001.1.el8eap
- redhat•eap8-byte-buddy
< 0:1.14.18-1.redhat_00001.1.el8eap
- redhat•eap8-caffeine
< 0:3.1.8-2.redhat_00002.1.el8eap
- redhat•eap8-codemodel
< 0:4.0.5-2.redhat_00001.1.el8eap
- redhat•eap8-cxf-xjc-boolean
< 0:4.0.0-5.redhat_00003.1.el8eap
- redhat•eap8-cxf-xjc-bug986
< 0:4.0.0-5.redhat_00003.1.el8eap
- redhat•eap8-cxf-xjc-dv
< 0:4.0.0-5.redhat_00003.1.el8eap
- redhat•eap8-cxf-xjc-runtime
< 0:4.0.0-5.redhat_00003.1.el8eap
- redhat•eap8-cxf-xjc-ts
< 0:4.0.0-5.redhat_00003.1.el8eap
- redhat•eap8-eap-product-conf-parent
< 0:800.3.0-2.GA_redhat_00004.1.el8eap
- redhat•eap8-eap-product-conf-wildfly-ee-feature-pack
< 0:800.3.0-2.GA_redhat_00004.1.el8eap
- redhat•eap8-guava
< 0:33.0.0-1.jre_redhat_00002.1.el8eap
- redhat•eap8-guava-failureaccess
< 0:1.0.2-1.redhat_00001.1.el8eap
- redhat•eap8-guava-libraries
< 0:33.0.0-1.jre_redhat_00002.1.el8eap
- redhat•eap8-hal-console
< 0:3.6.19-1.Final_redhat_00001.1.el8eap
Showing first 50 affected entries in server-rendered view.
References (64)
- https://access.redhat.com/errata/RHSA-2024:5479
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8.0/
- https://bugzilla.redhat.com/show_bug.cgi?id=2270732
- https://bugzilla.redhat.com/show_bug.cgi?id=2272907
- https://bugzilla.redhat.com/show_bug.cgi?id=2276360
- https://bugzilla.redhat.com/show_bug.cgi?id=2293025
- https://bugzilla.redhat.com/show_bug.cgi?id=2293028
- https://issues.redhat.com/browse/JBEAP-25224
- https://issues.redhat.com/browse/JBEAP-26018
- https://issues.redhat.com/browse/JBEAP-26696
- https://issues.redhat.com/browse/JBEAP-26790
- https://issues.redhat.com/browse/JBEAP-26791
- https://issues.redhat.com/browse/JBEAP-26792
- https://issues.redhat.com/browse/JBEAP-26802
- https://issues.redhat.com/browse/JBEAP-26816
- https://issues.redhat.com/browse/JBEAP-26823
- https://issues.redhat.com/browse/JBEAP-26843
- https://issues.redhat.com/browse/JBEAP-26886
- https://issues.redhat.com/browse/JBEAP-26932
- https://issues.redhat.com/browse/JBEAP-26948
- https://issues.redhat.com/browse/JBEAP-26961
- https://issues.redhat.com/browse/JBEAP-26962
- https://issues.redhat.com/browse/JBEAP-26966
- https://issues.redhat.com/browse/JBEAP-26986
- https://issues.redhat.com/browse/JBEAP-27002
- https://issues.redhat.com/browse/JBEAP-27019
- https://issues.redhat.com/browse/JBEAP-27055
- https://issues.redhat.com/browse/JBEAP-27090
- https://issues.redhat.com/browse/JBEAP-27192
- https://issues.redhat.com/browse/JBEAP-27194
- https://issues.redhat.com/browse/JBEAP-27261
- https://issues.redhat.com/browse/JBEAP-27262
- https://issues.redhat.com/browse/JBEAP-27327
- https://issues.redhat.com/browse/JBEAP-27356
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5479.json
- https://access.redhat.com/security/cve/CVE-2024-28752
- https://www.cve.org/CVERecord?id=CVE-2024-28752
- https://nvd.nist.gov/vuln/detail/CVE-2024-28752
- https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt
- https://github.com/advisories/GHSA-qmgx-j96g-4428
- https://access.redhat.com/security/cve/CVE-2024-29025
- https://www.cve.org/CVERecord?id=CVE-2024-29025
- https://nvd.nist.gov/vuln/detail/CVE-2024-29025
- https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
- https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
- https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
- https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812
- https://access.redhat.com/security/cve/CVE-2024-29857
- https://www.cve.org/CVERecord?id=CVE-2024-29857
- https://nvd.nist.gov/vuln/detail/CVE-2024-29857
- https://access.redhat.com/security/cve/CVE-2024-30171
- https://www.cve.org/CVERecord?id=CVE-2024-30171
- https://nvd.nist.gov/vuln/detail/CVE-2024-30171
- https://people.redhat.com/~hkario/marvin/
- https://access.redhat.com/security/cve/CVE-2024-30172
- https://www.cve.org/CVERecord?id=CVE-2024-30172
- https://nvd.nist.gov/vuln/detail/CVE-2024-30172
- https://www.bouncycastle.org/latest_releases.html
- https://access.redhat.com/security/cve/CVE-2024-29371
- https://bugzilla.redhat.com/show_bug.cgi?id=2423194
- https://www.cve.org/CVERecord?id=CVE-2024-29371
- https://nvd.nist.gov/vuln/detail/CVE-2024-29371
- https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack