(RHSA-2024:7441) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update

2024-10-0107:49:36

access.redhat.com

red hat jboss

enterprise application

platform 8.0

java

security update

wildfly

cve-2024-21634

cve-2024-7885

information leakage

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

Low

JSON

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.

Security Fix(es):

software.amazon.ion/ion-java: ion-java: Ion Java StackOverflow vulnerability (CVE-2024-21634)
undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarcheap8-wildfly-java-jdk11< 8.0.3-13.GA_redhat_00007.1.el8eapeap8-wildfly-java-jdk11-8.0.3-13.GA_redhat_00007.1.el8eap.noarch.rpm
RedHat9noarcheap8-wildfly-java-jdk11< 8.0.3-13.GA_redhat_00007.1.el9eapeap8-wildfly-java-jdk11-8.0.3-13.GA_redhat_00007.1.el9eap.noarch.rpm
RedHat8noarcheap8-undertow< 2.3.14-2.SP2_redhat_00001.1.el8eapeap8-undertow-2.3.14-2.SP2_redhat_00001.1.el8eap.noarch.rpm
RedHat9noarcheap8-undertow< 2.3.14-2.SP2_redhat_00001.1.el9eapeap8-undertow-2.3.14-2.SP2_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap8-eap-product-conf-wildfly-ee-feature-pack< 800.3.1-2.GA_redhat_00002.1.el9eapeap8-eap-product-conf-wildfly-ee-feature-pack-800.3.1-2.GA_redhat_00002.1.el9eap.noarch.rpm
RedHat8noarcheap8-wildfly-modules< 8.0.3-13.GA_redhat_00007.1.el8eapeap8-wildfly-modules-8.0.3-13.GA_redhat_00007.1.el8eap.noarch.rpm
RedHat9noarcheap8-wildfly< 8.0.3-13.GA_redhat_00007.1.el9eapeap8-wildfly-8.0.3-13.GA_redhat_00007.1.el9eap.noarch.rpm
RedHat8noarcheap8-wildfly< 8.0.3-13.GA_redhat_00007.1.el8eapeap8-wildfly-8.0.3-13.GA_redhat_00007.1.el8eap.noarch.rpm
RedHat8noarcheap8-amazon-ion-java< 1.11.9-2.redhat_00001.1.el8eapeap8-amazon-ion-java-1.11.9-2.redhat_00001.1.el8eap.noarch.rpm
RedHat9noarcheap8-amazon-ion-java< 1.11.9-2.redhat_00001.1.el9eapeap8-amazon-ion-java-1.11.9-2.redhat_00001.1.el9eap.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	eap8-wildfly-java-jdk11	< 8.0.3-13.GA_redhat_00007.1.el8eap	eap8-wildfly-java-jdk11-8.0.3-13.GA_redhat_00007.1.el8eap.noarch.rpm
RedHat	9	noarch	eap8-wildfly-java-jdk11	< 8.0.3-13.GA_redhat_00007.1.el9eap	eap8-wildfly-java-jdk11-8.0.3-13.GA_redhat_00007.1.el9eap.noarch.rpm
RedHat	8	noarch	eap8-undertow	< 2.3.14-2.SP2_redhat_00001.1.el8eap	eap8-undertow-2.3.14-2.SP2_redhat_00001.1.el8eap.noarch.rpm
RedHat	9	noarch	eap8-undertow	< 2.3.14-2.SP2_redhat_00001.1.el9eap	eap8-undertow-2.3.14-2.SP2_redhat_00001.1.el9eap.noarch.rpm
RedHat	9	noarch	eap8-eap-product-conf-wildfly-ee-feature-pack	< 800.3.1-2.GA_redhat_00002.1.el9eap	eap8-eap-product-conf-wildfly-ee-feature-pack-800.3.1-2.GA_redhat_00002.1.el9eap.noarch.rpm
RedHat	8	noarch	eap8-wildfly-modules	< 8.0.3-13.GA_redhat_00007.1.el8eap	eap8-wildfly-modules-8.0.3-13.GA_redhat_00007.1.el8eap.noarch.rpm
RedHat	9	noarch	eap8-wildfly	< 8.0.3-13.GA_redhat_00007.1.el9eap	eap8-wildfly-8.0.3-13.GA_redhat_00007.1.el9eap.noarch.rpm
RedHat	8	noarch	eap8-wildfly	< 8.0.3-13.GA_redhat_00007.1.el8eap	eap8-wildfly-8.0.3-13.GA_redhat_00007.1.el8eap.noarch.rpm
RedHat	8	noarch	eap8-amazon-ion-java	< 1.11.9-2.redhat_00001.1.el8eap	eap8-amazon-ion-java-1.11.9-2.redhat_00001.1.el8eap.noarch.rpm
RedHat	9	noarch	eap8-amazon-ion-java	< 1.11.9-2.redhat_00001.1.el9eap	eap8-amazon-ion-java-1.11.9-2.redhat_00001.1.el9eap.noarch.rpm