Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:5484
HistoryOct 05, 2023 - 8:11 p.m.

(RHSA-2023:5484) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7

2023-10-0520:11:22
access.redhat.com
27
red hat jboss
eap 7.4.13
security update
rhel 7
bug fixes
enhancements
cve-2023-3171
cve-2023-26464
cve-2022-25883
cve-2023-4061
cve-2023-26136
cve-2023-33201
cve-2023-34462
unix

0.004 Low

EPSS

Percentile

72.1%

JSON

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)

  • log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)

  • nodejs-semver: Regular expression denial of service (CVE-2022-25883)

  • wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)

  • tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

  • bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)

  • netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7noarcheap7-resteasy-atom-provider< 3.15.8-1.Final_redhat_00001.1.el7eapeap7-resteasy-atom-provider-3.15.8-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-netty-all< 4.1.94-1.Final_redhat_00001.1.el7eapeap7-netty-all-4.1.94-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-activemq-artemis-commons< 2.16.0-15.redhat_00049.1.el7eapeap7-activemq-artemis-commons-2.16.0-15.redhat_00049.1.el7eap.noarch.rpm
RedHat7noarcheap7-activemq-artemis-jdbc-store< 2.16.0-15.redhat_00049.1.el7eapeap7-activemq-artemis-jdbc-store-2.16.0-15.redhat_00049.1.el7eap.noarch.rpm
RedHat7noarcheap7-netty-codec-http2< 4.1.94-1.Final_redhat_00001.1.el7eapeap7-netty-codec-http2-4.1.94-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-hibernate-envers< 5.3.31-1.Final_redhat_00001.1.el7eapeap7-hibernate-envers-5.3.31-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-netty-codec-socks< 4.1.94-1.Final_redhat_00001.1.el7eapeap7-netty-codec-socks-4.1.94-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-netty-transport-native-unix-common< 4.1.94-1.Final_redhat_00001.1.el7eapeap7-netty-transport-native-unix-common-4.1.94-1.Final_redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-bouncycastle-mail< 1.76.0-4.redhat_00001.1.el7eapeap7-bouncycastle-mail-1.76.0-4.redhat_00001.1.el7eap.noarch.rpm
RedHat7noarcheap7-hibernate-core< 5.3.31-1.Final_redhat_00001.1.el7eapeap7-hibernate-core-5.3.31-1.Final_redhat_00001.1.el7eap.noarch.rpm
Rows per page:
1-10 of 1021

Related

redhat 15
nessus 24
ibm 66
openvas 9
redhatcve 7
veracode 6
github 8
f5 1
prion 7
osv 16
cvelist 7
debiancve 5
cve 7
ubuntucve 5
cgr 4
wolfi 2
cbl_mariner 2
mageia 1
debian 3
rosalinux 1
fedora 2
oraclelinux 1
redhat
redhat
(RHSA-2023:5485) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8
2023-10-05 20:11:24
(RHSA-2023:5488) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update
2023-10-05 20:16:39
(RHSA-2023:5486) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9
2023-10-05 20:11:26
nessus
nessus
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9 (Important) (RHSA-2023:5486)
2023-10-06 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8 (Important) (RHSA-2023:5485)
2023-10-06 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7 (Important) (RHSA-2023:5484)
2023-10-05 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883).
2023-09-19 14:52:36
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j
2023-05-02 22:11:12
Security Bulletin: Vulnerability from log4j-1.2.16.jar affect IBM Operations Analytics - Log Analysis (CVE-2023-26464)
2023-05-25 06:50:43
openvas
openvas
Apache Log4j 1.x DoS Vulnerability (Mar 2023)
2023-03-13 00:00:00
openSUSE: Security Advisory for netty, netty (SUSE-SU-2023:2974-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2024-0080)
2024-04-05 00:00:00
redhatcve
redhatcve
CVE-2023-26464
2023-03-30 07:13:01
CVE-2023-26136
2023-07-06 05:57:18
CVE-2023-34462
2023-07-19 21:30:25
veracode
veracode
Denial Of Service (DoS)
2023-03-10 23:28:50
LDAP Injection
2023-07-06 02:33:48
Prototype Pollution
2023-07-11 07:35:18
github
github
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
2023-03-10 15:30:43
tough-cookie Prototype Pollution vulnerability
2023-07-01 06:30:16
netty-handler SniHandler 16MB allocation
2023-06-20 16:33:22
f5
f5
K000133409 : Log4j vulnerability CVE-2023-26464
2023-04-05 00:00:00
prion
prion
Code injection
2023-03-10 14:15:00
Design/Logic Flaw
2023-07-05 03:15:00
Code injection
2023-07-01 05:15:00
osv
osv
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
2023-03-10 15:30:43
CVE-2023-26464
2023-03-10 14:15:10
Bouncy Castle For Java LDAP injection vulnerability
2023-07-05 03:30:23
cvelist
cvelist
CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender
2023-03-10 13:38:16
CVE-2022-25883
2023-06-21 05:00:03
CVE-2023-33201
2023-07-05 00:00:00
debiancve
debiancve
CVE-2023-26464
2023-03-10 14:15:10
CVE-2022-25883
2023-06-21 05:15:00
CVE-2023-34462
2023-06-22 23:15:09
cve
cve
CVE-2023-26464
2023-03-10 14:15:10
CVE-2023-33201
2023-07-05 03:15:09
CVE-2023-34462
2023-06-22 23:15:09
ubuntucve
ubuntucve
CVE-2023-26464
2023-03-10 00:00:00
CVE-2023-26136
2023-07-01 00:00:00
CVE-2023-34462
2023-06-22 00:00:00
cgr
cgr
CVE-2023-33201 vulnerabilities
2024-05-19 03:07:16
CVE-2023-34462 vulnerabilities
2024-05-19 03:07:16
CVE-2023-26136 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-33201 vulnerabilities
2024-05-22 16:57:05
CVE-2023-34462 vulnerabilities
2024-05-22 16:57:05
cbl_mariner
cbl_mariner
CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
2023-08-03 02:51:21
CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3
2023-08-03 02:51:21
mageia
mageia
Updated nodejs-tough-cookie packages fix security vulnerability
2024-03-22 03:19:51
debian
debian
[SECURITY] [DLA 3514-1] bouncycastle security update
2023-08-02 11:24:28
[SECURITY] [DLA 3488-1] node-tough-cookie security update
2023-07-10 20:35:55
[SECURITY] [DSA 5558-1] netty security update
2023-11-18 16:33:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2304
2023-12-12 12:18:26
fedora
fedora
[SECURITY] Fedora 39 Update: yarnpkg-1.22.21-2.fc39
2024-02-28 01:10:55
[SECURITY] Fedora 38 Update: yarnpkg-1.22.21-2.fc38
2024-02-28 01:41:33
oraclelinux
oraclelinux
nodejs:18 security, bug fix, and enhancement update
2023-09-28 00:00:00

0.004 Low

EPSS

Percentile

72.1%

JSON
Related for RHSA-2023:5484
redhat15nessus24ibm66openvas9redhatcve7veracode6github8f51prion7osv16cvelist7debiancve5cve7ubuntucve5cgr4wolfi2cbl_mariner2mageia1debian3rosalinux1fedora2oraclelinux1