RHSA-2024:5856

Description

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update

CVSS Metrics

• v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•eap7-apache-commons-beanutils

  < 0:1.9.4-1.redhat_00002.1.ep7.el7

• redhat•eap7-infinispan

  < 0:8.2.11-1.SP2_redhat_00001.1.ep7.el7

• redhat•eap7-infinispan-cachestore-jdbc

  < 0:8.2.11-1.SP2_redhat_00001.1.ep7.el7

• redhat•eap7-infinispan-cachestore-remote

  < 0:8.2.11-1.SP2_redhat_00001.1.ep7.el7

• redhat•eap7-infinispan-client-hotrod

  < 0:8.2.11-1.SP2_redhat_00001.1.ep7.el7

• redhat•eap7-infinispan-commons

  < 0:8.2.11-1.SP2_redhat_00001.1.ep7.el7

• redhat•eap7-infinispan-core

  < 0:8.2.11-1.SP2_redhat_00001.1.ep7.el7

• redhat•eap7-jackson-databind

  < 0:2.8.11.5-1.redhat_00001.1.ep7.el7

• redhat•eap7-log4j-jboss-logmanager

  < 0:1.2.2-1.Final_redhat_00002.1.ep7.el7

• redhat•eap7-netty

  < 0:4.1.45-1.Final_redhat_00001.1.ep7.el7

• redhat•eap7-netty-all

  < 0:4.1.45-1.Final_redhat_00001.1.ep7.el7

• redhat•eap7-undertow

  < 0:1.4.18-12.SP12_redhat_00001.1.ep7.el7

• redhat•eap7-wildfly

  < 0:7.1.7-2.GA_redhat_00002.1.ep7.el7

• redhat•eap7-wildfly-elytron

  < 0:1.1.13-1.Final_redhat_00001.1.ep7.el7

• redhat•eap7-wildfly-modules

  < 0:7.1.7-2.GA_redhat_00002.1.ep7.el7

References (110)

• https://access.redhat.com/errata/RHSA-2024:5856
• https://access.redhat.com/security/updates/classification/#important
• https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1
• https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index
• https://bugzilla.redhat.com/show_bug.cgi?id=1703469
• https://bugzilla.redhat.com/show_bug.cgi?id=1725807
• https://bugzilla.redhat.com/show_bug.cgi?id=1735645
• https://bugzilla.redhat.com/show_bug.cgi?id=1735744
• https://bugzilla.redhat.com/show_bug.cgi?id=1735745
• https://bugzilla.redhat.com/show_bug.cgi?id=1737517
• https://bugzilla.redhat.com/show_bug.cgi?id=1741860
• https://bugzilla.redhat.com/show_bug.cgi?id=1752770
• https://bugzilla.redhat.com/show_bug.cgi?id=1752980
• https://bugzilla.redhat.com/show_bug.cgi?id=1758619
• https://bugzilla.redhat.com/show_bug.cgi?id=1767483
• https://bugzilla.redhat.com/show_bug.cgi?id=1772464
• https://bugzilla.redhat.com/show_bug.cgi?id=1775293
• https://bugzilla.redhat.com/show_bug.cgi?id=1793970
• https://bugzilla.redhat.com/show_bug.cgi?id=1798509
• https://bugzilla.redhat.com/show_bug.cgi?id=1798524
• https://bugzilla.redhat.com/show_bug.cgi?id=1807305
• https://bugzilla.redhat.com/show_bug.cgi?id=2031667
• https://bugzilla.redhat.com/show_bug.cgi?id=2041949
• https://bugzilla.redhat.com/show_bug.cgi?id=2041959
• https://bugzilla.redhat.com/show_bug.cgi?id=2041967
• https://issues.redhat.com/browse/JBEAP-24826
• https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5856.json
• https://access.redhat.com/security/cve/CVE-2019-9511
• https://www.cve.org/CVERecord?id=CVE-2019-9511
• https://nvd.nist.gov/vuln/detail/CVE-2019-9511
• https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
• https://kb.cert.org/vuls/id/605641/
• https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
• https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
• https://access.redhat.com/security/cve/CVE-2019-9512
• https://www.cve.org/CVERecord?id=CVE-2019-9512
• https://nvd.nist.gov/vuln/detail/CVE-2019-9512
• https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg
• https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA
• https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html
• https://access.redhat.com/security/cve/CVE-2019-9514
• https://www.cve.org/CVERecord?id=CVE-2019-9514
• https://nvd.nist.gov/vuln/detail/CVE-2019-9514
• https://access.redhat.com/security/cve/CVE-2019-9515
• https://www.cve.org/CVERecord?id=CVE-2019-9515
• https://nvd.nist.gov/vuln/detail/CVE-2019-9515
• https://access.redhat.com/security/cve/CVE-2019-10086
• https://www.cve.org/CVERecord?id=CVE-2019-10086
• https://nvd.nist.gov/vuln/detail/CVE-2019-10086
• https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt
• https://access.redhat.com/security/cve/CVE-2019-10174
• https://www.cve.org/CVERecord?id=CVE-2019-10174
• https://nvd.nist.gov/vuln/detail/CVE-2019-10174
• https://access.redhat.com/security/cve/CVE-2019-12384
• https://www.cve.org/CVERecord?id=CVE-2019-12384
• https://nvd.nist.gov/vuln/detail/CVE-2019-12384
• https://access.redhat.com/security/cve/CVE-2019-14379
• https://www.cve.org/CVERecord?id=CVE-2019-14379
• https://nvd.nist.gov/vuln/detail/CVE-2019-14379
• https://access.redhat.com/security/cve/CVE-2019-14843
• https://www.cve.org/CVERecord?id=CVE-2019-14843
• https://nvd.nist.gov/vuln/detail/CVE-2019-14843
• https://access.redhat.com/security/cve/CVE-2019-14888
• https://www.cve.org/CVERecord?id=CVE-2019-14888
• https://nvd.nist.gov/vuln/detail/CVE-2019-14888
• https://access.redhat.com/security/cve/CVE-2019-16869
• https://www.cve.org/CVERecord?id=CVE-2019-16869
• https://nvd.nist.gov/vuln/detail/CVE-2019-16869
• https://access.redhat.com/security/cve/CVE-2019-17531
• https://www.cve.org/CVERecord?id=CVE-2019-17531
• https://nvd.nist.gov/vuln/detail/CVE-2019-17531
• https://access.redhat.com/security/cve/CVE-2019-20444
• https://www.cve.org/CVERecord?id=CVE-2019-20444
• https://nvd.nist.gov/vuln/detail/CVE-2019-20444
• https://github.com/elastic/elasticsearch/issues/49396
• https://access.redhat.com/security/cve/CVE-2019-20445
• https://www.cve.org/CVERecord?id=CVE-2019-20445
• https://nvd.nist.gov/vuln/detail/CVE-2019-20445
• https://access.redhat.com/security/cve/CVE-2020-1710
• https://www.cve.org/CVERecord?id=CVE-2020-1710
• https://nvd.nist.gov/vuln/detail/CVE-2020-1710
• https://access.redhat.com/security/cve/CVE-2020-1745
• https://www.cve.org/CVERecord?id=CVE-2020-1745
• https://nvd.nist.gov/vuln/detail/CVE-2020-1745
• https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/
• https://www.cnvd.org.cn/webinfo/show/5415
• https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
• https://access.redhat.com/security/cve/CVE-2020-1757
• https://www.cve.org/CVERecord?id=CVE-2020-1757
• https://nvd.nist.gov/vuln/detail/CVE-2020-1757
• https://access.redhat.com/security/cve/CVE-2021-4104
• https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
• https://www.cve.org/CVERecord?id=CVE-2021-4104
• https://nvd.nist.gov/vuln/detail/CVE-2021-4104
• https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
• https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
• https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx
• https://www.openwall.com/lists/oss-security/2021/12/13/1
• https://access.redhat.com/security/cve/CVE-2022-23302
• https://www.cve.org/CVERecord?id=CVE-2022-23302
• https://nvd.nist.gov/vuln/detail/CVE-2022-23302
• https://www.openwall.com/lists/oss-security/2022/01/18/3
• https://access.redhat.com/security/cve/CVE-2022-23305
• https://www.cve.org/CVERecord?id=CVE-2022-23305
• https://nvd.nist.gov/vuln/detail/CVE-2022-23305
• https://www.openwall.com/lists/oss-security/2022/01/18/4
• https://access.redhat.com/security/cve/CVE-2022-23307
• https://www.cve.org/CVERecord?id=CVE-2022-23307
• https://nvd.nist.gov/vuln/detail/CVE-2022-23307
• https://www.openwall.com/lists/oss-security/2022/01/18/5