(RHSA-2020:0962) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update

2020-03-24T15:07:40
ID RHSA-2020:0962
Type redhat
Reporter RedHat
Modified 2020-03-24T15:21:45

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

Security Fix(es):

  • The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)

  • libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  • libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  • undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.