CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.6 High (Confidence: High)
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.973 High (Percentile: 99.8%)
This release of Red Hat Fuse 7.12.1 serves as a replacement for Red Hat Fuse 7.12 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack (CVE-2023-46604)
undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
okio: GzipSource class improper exception handling (CVE-2023-3635)
spring-security: spring-security-webflux: path wildcard leads to security bypass (CVE-2023-34034)
http2-hpack: jetty: hpack header values cause denial of service in http/2 (CVE-2023-36478)
avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)
jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
jetty: OpenId Revoked authentication allows one request (CVE-2023-41900)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.