logo
DATABASE RESOURCES PRICING ABOUT US

(RHSA-2017:1411) Moderate: JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 7

Description

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606) * It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595) * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2017-2666) * It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS. (CVE-2017-2670) Red Hat would like to thank Moritz Bechler (AgNO3 GmbH & Co. KG) for reporting CVE-2016-9606 and Gregory Ramsperger and Ryan Moak for reporting CVE-2017-2670. The CVE-2017-2666 issue was discovered by Radim Hatlapatka (Red Hat).


Affected Package


OS OS Version Package Name Package Version
RedHat 7 eap7-resteasy 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-commons 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-apache-cxf-services 3.1.10-2.redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-xnio-base 3.4.4-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wss4j-ws-security-stax 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-metadata-appclient 10.0.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-ironjacamar-deployers-common 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-picketlink-bindings 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-activemq-artemis-hornetq-protocol 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-hibernate-java8 5.0.13-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-apache-cxf-rt 3.1.10-2.redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-dto 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-commons-logging-jboss-logmanager 1.0.0-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wss4j 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-picketbox-infinispan 4.9.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-undertow 1.3.28-4.Final_redhat_4.1.ep7.el7
RedHat 7 eap7-ironjacamar-common-api 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-picketlink-common 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-hibernate-entitymanager 5.0.13-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-picketbox 4.9.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wss4j-ws-security-policy-stax 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-apache-cxf 3.1.10-2.redhat_1.1.ep7.el7
RedHat 7 eap7-wildfly-javadocs 7.0.6-2.GA_redhat_3.1.ep7.el7
RedHat 7 eap7-jboss-xnio-base 3.4.4-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-hibernate 5.0.13-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-hibernate-core 5.0.13-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-metadata 10.0.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-ironjacamar-core-api 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-picketlink-api 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-resteasy-crypto 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-undertow 1.3.28-4.Final_redhat_4.1.ep7.el7
RedHat 7 eap7-resteasy-cdi 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-jbossws-common 3.1.5-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-picketlink-wildfly8 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-ironjacamar-core-impl 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-picketlink-federation 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-infinispan-commons 8.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-infinispan 8.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-ironjacamar 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-jboss-metadata 10.0.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-apache-cxf 3.1.10-2.redhat_1.1.ep7.el7
RedHat 7 eap7-wss4j-ws-security-common 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-ejb-client 2.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-logging 3.3.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-metadata-ejb 10.0.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-ra 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-hibernate-envers 5.0.13-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-picketlink-idm-simple-schema 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-resteasy-jaxb-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-security-negotiation 3.0.4-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-jsapi 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-async-http-servlet-3.0 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-client 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-ironjacamar-common-impl 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-hibernate 5.0.13-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-glassfish-javamail 1.5.5-2.redhat_2.1.ep7.el7
RedHat 7 eap7-resteasy-jose-jwt 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-picketlink-idm-api 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-jbossws-cxf 5.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-infinispan-client-hotrod 8.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-ejb-client 2.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-jettison-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-jbossws-common 3.1.5-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wildfly-elytron 1.0.4-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-remoting 4.0.22-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-security-negotiation 3.0.4-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-remoting 4.0.22-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-logging 3.3.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-glassfish-javamail 1.5.5-2.redhat_2.1.ep7.el7
RedHat 7 eap7-resteasy-yaml-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-apache-cxf-tools 3.1.10-2.redhat_1.1.ep7.el7
RedHat 7 eap7-picketlink-impl 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-ironjacamar 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-jboss-metadata-common 10.0.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wildfly-javadocs 7.0.6-2.GA_redhat_3.1.ep7.el7
RedHat 7 eap7-jbossws-common-tools 1.2.3-2.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-metadata-ear 10.0.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jbossws-cxf 5.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wss4j-policy 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-server 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-jms-server 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-hibernate-infinispan 5.0.13-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wildfly-modules 7.0.6-4.GA_redhat_2.1.ep7.el7
RedHat 7 eap7-infinispan-core 8.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jbossws-spi 3.1.4-2.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-cli 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-spring 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-atom-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-ironjacamar-validator 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-jboss-el-api_3.0_spec 1.0.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-native 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-wildfly 7.0.6-4.GA_redhat_2.1.ep7.el7
RedHat 7 eap7-picketlink-config 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-activemq-artemis-service-extensions 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-jbossws-common-tools 1.2.3-2.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-core-client 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-wildfly 7.0.6-4.GA_redhat_2.1.ep7.el7
RedHat 7 eap7-resteasy-jackson-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-jaxrs 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-el-api_3.0_spec 1.0.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jbossws-spi 3.1.4-2.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-multipart-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-journal 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-wildfly-elytron 1.0.4-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-picketlink-bindings 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-wss4j 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-jms-client 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-hibernate-validator 5.2.5-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-picketlink-idm-impl 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-hibernate-validator 5.2.5-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-wss4j-bindings 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-metadata-web 10.0.1-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-jackson2-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-infinispan 8.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-modules 1.5.3-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-ironjacamar-common-spi 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-ironjacamar-jdbc 1.3.6-2.Final_redhat_2.1.ep7.el7
RedHat 7 eap7-resteasy-validator-provider-11 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-hqclient-protocol 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-commons-logging-jboss-logmanager 1.0.0-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-hibernate-validator-cdi 5.2.5-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-infinispan-cachestore-jdbc 8.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-activemq-artemis-selector 1.1.0-17.SP20_redhat_1.1.ep7.el7
RedHat 7 eap7-jboss-modules 1.5.3-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy-json-p-provider 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-infinispan-cachestore-remote 8.1.8-1.Final_redhat_1.1.ep7.el7
RedHat 7 eap7-resteasy 3.0.19-5.SP3_redhat_1.1.ep7.el7
RedHat 7 eap7-picketlink-federation 2.5.5-8.SP7_redhat_2.1.ep7.el7
RedHat 7 eap7-wss4j-ws-security-dom 2.1.8-2.redhat_1.1.ep7.el7
RedHat 7 eap7-picketbox 4.9.8-1.Final_redhat_1.1.ep7.el7

Related