Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:5485
HistoryOct 05, 2023 - 8:11 p.m.

(RHSA-2023:5485) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8

2023-10-0520:11:24
access.redhat.com
27
red hat jboss
eap 7.4.13
rhel 8
cve fixes
security update
java applications
wildfly runtime
bug fixes
enhancements
release notes
cvss score
references

0.004 Low

EPSS

Percentile

72.1%

JSON

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • server: eap-7: heap exhaustion via deserialization (CVE-2023-3171)

  • log4j: log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)

  • nodejs-semver: Regular expression denial of service (CVE-2022-25883)

  • wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor (CVE-2023-4061)

  • tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)

  • bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)

  • netty: netty-handler: SniHandler 16MB allocation (CVE-2023-34462)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarcheap7-resteasy-jackson-provider< 3.15.8-1.Final_redhat_00001.1.el8eapeap7-resteasy-jackson-provider-3.15.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-netty-codec-dns< 4.1.94-1.Final_redhat_00001.1.el8eapeap7-netty-codec-dns-4.1.94-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-resteasy-yaml-provider< 3.15.8-1.Final_redhat_00001.1.el8eapeap7-resteasy-yaml-provider-3.15.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-jboss-modules< 1.12.2-1.Final_redhat_00001.1.el8eapeap7-jboss-modules-1.12.2-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-netty-transport-sctp< 4.1.94-1.Final_redhat_00001.1.el8eapeap7-netty-transport-sctp-4.1.94-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-netty-transport< 4.1.94-1.Final_redhat_00001.1.el8eapeap7-netty-transport-4.1.94-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-bouncycastle-pkix< 1.76.0-4.redhat_00001.1.el8eapeap7-bouncycastle-pkix-1.76.0-4.redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-netty-codec-http< 4.1.94-1.Final_redhat_00001.1.el8eapeap7-netty-codec-http-4.1.94-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-ironjacamar-deployers-common< 1.5.15-1.Final_redhat_00001.1.el8eapeap7-ironjacamar-deployers-common-1.5.15-1.Final_redhat_00001.1.el8eap.noarch.rpm
RedHat8noarcheap7-activemq-artemis-tools< 2.16.0-15.redhat_00049.1.el8eapeap7-activemq-artemis-tools-2.16.0-15.redhat_00049.1.el8eap.noarch.rpm
Rows per page:
1-10 of 1031

Related

nessus 24
redhat 16
ibm 65
openvas 9
veracode 6
redhatcve 7
github 8
prion 7
osv 16
cvelist 7
f5 1
cve 7
cgr 4
cbl_mariner 2
ubuntucve 5
debiancve 5
wolfi 2
debian 3
mageia 1
rosalinux 1
fedora 2
oraclelinux 1
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8 (Important) (RHSA-2023:5485)
2023-10-06 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9 (Important) (RHSA-2023:5486)
2023-10-06 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7 (Important) (RHSA-2023:5484)
2023-10-05 00:00:00
redhat
redhat
(RHSA-2023:5486) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 9
2023-10-05 20:11:26
(RHSA-2023:5488) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update
2023-10-05 20:16:39
(RHSA-2023:5484) Important: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7
2023-10-05 20:11:22
ibm
ibm
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules tough-cookie and semver (CVE-2023-26136, CVE-2022-25883).
2023-09-19 14:52:36
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Log4j
2023-05-02 22:11:12
Security Bulletin: Vulnerability from log4j-1.2.16.jar affect IBM Operations Analytics - Log Analysis (CVE-2023-26464)
2023-05-25 06:50:43
openvas
openvas
Apache Log4j 1.x DoS Vulnerability (Mar 2023)
2023-03-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2843-1)
2023-07-17 00:00:00
Debian: Security Advisory (DLA-3514-1)
2023-08-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-03-10 23:28:50
Prototype Pollution
2023-07-11 07:35:18
LDAP Injection
2023-07-06 02:33:48
redhatcve
redhatcve
CVE-2023-26464
2023-03-30 07:13:01
CVE-2023-26136
2023-07-06 05:57:18
CVE-2023-33201
2023-06-29 16:28:41
github
github
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
2023-03-10 15:30:43
tough-cookie Prototype Pollution vulnerability
2023-07-01 06:30:16
Bouncy Castle For Java LDAP injection vulnerability
2023-07-05 03:30:23
prion
prion
Code injection
2023-03-10 14:15:00
Design/Logic Flaw
2023-07-05 03:15:00
Code injection
2023-07-01 05:15:00
osv
osv
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
2023-03-10 15:30:43
Bouncy Castle For Java LDAP injection vulnerability
2023-07-05 03:30:23
semver vulnerable to Regular Expression Denial of Service
2023-06-21 06:30:28
cvelist
cvelist
CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender
2023-03-10 13:38:16
CVE-2023-33201
2023-07-05 00:00:00
CVE-2022-25883
2023-06-21 05:00:03
f5
f5
K000133409 : Log4j vulnerability CVE-2023-26464
2023-04-05 00:00:00
cve
cve
CVE-2023-33201
2023-07-05 03:15:09
CVE-2023-26136
2023-07-01 05:15:16
CVE-2023-26464
2023-03-10 14:15:10
cgr
cgr
CVE-2023-33201 vulnerabilities
2024-05-18 03:08:02
CVE-2023-26136 vulnerabilities
2024-05-18 03:08:02
CVE-2023-34462 vulnerabilities
2024-05-18 03:08:02
cbl_mariner
cbl_mariner
CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
2023-08-03 02:51:21
CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3
2023-08-03 02:51:21
ubuntucve
ubuntucve
CVE-2023-26136
2023-07-01 00:00:00
CVE-2023-26464
2023-03-10 00:00:00
CVE-2023-33201
2023-07-05 00:00:00
debiancve
debiancve
CVE-2023-26464
2023-03-10 14:15:10
CVE-2022-25883
2023-06-21 05:15:00
CVE-2023-33201
2023-07-05 03:15:09
wolfi
wolfi
CVE-2023-33201 vulnerabilities
2024-05-18 03:12:40
CVE-2023-34462 vulnerabilities
2024-05-18 03:12:40
debian
debian
[SECURITY] [DLA 3514-1] bouncycastle security update
2023-08-02 11:24:28
[SECURITY] [DLA 3488-1] node-tough-cookie security update
2023-07-10 20:35:55
[SECURITY] [DSA 5558-1] netty security update
2023-11-18 16:51:13
mageia
mageia
Updated nodejs-tough-cookie packages fix security vulnerability
2024-03-22 03:19:51
rosalinux
rosalinux
Advisory ROSA-SA-2023-2304
2023-12-12 12:18:26
fedora
fedora
[SECURITY] Fedora 38 Update: yarnpkg-1.22.21-2.fc38
2024-02-28 01:41:33
[SECURITY] Fedora 39 Update: yarnpkg-1.22.21-2.fc39
2024-02-28 01:10:55
oraclelinux
oraclelinux
nodejs:18 security, bug fix, and enhancement update
2023-09-28 00:00:00

0.004 Low

EPSS

Percentile

72.1%

JSON
Related for RHSA-2023:5485
nessus24redhat16ibm65openvas9veracode6redhatcve7github8prion7osv16cvelist7f51cve7cgr4cbl_mariner2ubuntucve5debiancve5wolfi2debian3mageia1rosalinux1fedora2oraclelinux1