RedHat RHSA-2018:2424
History: Aug 15, 2018 - 11:19 a.m.

(RHSA-2018:2424) Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update

2018-08-15 11:19:18
access.redhat.com

CVSS3: 8.1 High

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.011 Low (Percentile: 84.3%)

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)

  • bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)

  • cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)

  • wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)

  • cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

| OS | OS version | Architecture | Package | Package version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | noarch | eap7-hibernate | < 5.1.15-1.Final_redhat_1.1.ep7.el7 | eap7-hibernate-5.1.15-1.Final_redhat_1.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-activemq-artemis-ra | < 1.5.5.013-1.redhat_1.1.ep7.el7 | eap7-activemq-artemis-ra-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-jboss-server-migration-wildfly9.0-to-eap7.1 | < 1.0.6-4.Final_redhat_4.1.ep7.el7 | eap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-resteasy-yaml-provider | < 3.0.26-1.Final_redhat_1.1.ep7.el7 | eap7-resteasy-yaml-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-activemq-artemis-jms-client | < 1.5.5.013-1.redhat_1.1.ep7.el7 | eap7-activemq-artemis-jms-client-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-ironjacamar-common-api | < 1.4.10-1.Final_redhat_1.1.ep7.el7 | eap7-ironjacamar-common-api-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-resteasy-cdi | < 3.0.26-1.Final_redhat_1.1.ep7.el7 | eap7-resteasy-cdi-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-jboss-server-migration-eap7.0 | < 1.0.6-4.Final_redhat_4.1.ep7.el7 | eap7-jboss-server-migration-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-ironjacamar-validator | < 1.4.10-1.Final_redhat_1.1.ep7.el7 | eap7-ironjacamar-validator-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm |
| RedHat | 7 | noarch | eap7-resteasy-multipart-provider | < 3.0.26-1.Final_redhat_1.1.ep7.el7 | eap7-resteasy-multipart-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm |

Rows 1-10 of 1081 shown.
