7 matches found
CVE-2019-3894
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 (RHSA-2019:1108)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1108 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.1 security update
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.1 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2019-3894
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security...
CVE-2019-3894
Affected software: WildFly Elytron subsystem. Vulnerable component: ElytronManagedThread that stores a SecurityIdentity for the thread. Root cause: threads may not terminate after keep-alive time, enabling a shared thread to run with the wrong security identity. Impact: potential confidentiality,...