This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.14.
Security Fix(es):
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* okio: GzipSource class improper exception handling (CVE-2023-3635)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.