Lucene search

K
redhatRedHatRHSA-2021:5149
HistoryDec 15, 2021 - 2:24 p.m.

(RHSA-2021:5149) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update on RHEL 6

2021-12-1514:24:37
access.redhat.com
12

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.8%

This release of Red Hat JBoss Enterprise Application Platform 7.3.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  • wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  • wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)

  • jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  • xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690)

  • resteasy: Error message exposes endpoint class information (CVE-2021-20289)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat6noarcheap7-jboss-server-migration-wildfly13.0-server< 1.7.2-10.Final_redhat_00011.1.el6eapeap7-jboss-server-migration-wildfly13.0-server-1.7.2-10.Final_redhat_00011.1.el6eap.noarch.rpm
RedHat6noarcheap7-jakarta-el< 3.0.3-3.redhat_00007.1.el6eapeap7-jakarta-el-3.0.3-3.redhat_00007.1.el6eap.noarch.rpm
RedHat6noarcheap7-resteasy-rxjava2< 3.11.5-1.Final_redhat_00001.1.el6eapeap7-resteasy-rxjava2-3.11.5-1.Final_redhat_00001.1.el6eap.noarch.rpm
RedHat6noarcheap7-jboss-server-migration-cli< 1.7.2-10.Final_redhat_00011.1.el6eapeap7-jboss-server-migration-cli-1.7.2-10.Final_redhat_00011.1.el6eap.noarch.rpm
RedHat6noarcheap7-resteasy-jsapi< 3.11.5-1.Final_redhat_00001.1.el6eapeap7-resteasy-jsapi-3.11.5-1.Final_redhat_00001.1.el6eap.noarch.rpm
RedHat6noarcheap7-ironjacamar-core-impl< 1.5.3-1.Final_redhat_00001.1.el6eapeap7-ironjacamar-core-impl-1.5.3-1.Final_redhat_00001.1.el6eap.noarch.rpm
RedHat6noarcheap7-jboss-server-migration-wildfly9.0< 1.7.2-10.Final_redhat_00011.1.el6eapeap7-jboss-server-migration-wildfly9.0-1.7.2-10.Final_redhat_00011.1.el6eap.noarch.rpm
RedHat6noarcheap7-jboss-server-migration-eap7.2-to-eap7.3< 1.7.2-10.Final_redhat_00011.1.el6eapeap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-10.Final_redhat_00011.1.el6eap.noarch.rpm
RedHat6noarcheap7-resteasy-jackson-provider< 3.11.5-1.Final_redhat_00001.1.el6eapeap7-resteasy-jackson-provider-3.11.5-1.Final_redhat_00001.1.el6eap.noarch.rpm
RedHat6noarcheap7-ironjacamar-common-spi< 1.5.3-1.Final_redhat_00001.1.el6eapeap7-ironjacamar-common-spi-1.5.3-1.Final_redhat_00001.1.el6eap.noarch.rpm
Rows per page:
1-10 of 721

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.8%

Related for RHSA-2021:5149