Lucene search

Veracode Vulnerability DatabaseVERACODE:12705

HistoryJan 15, 2019 - 9:20 a.m.

Information Disclosure

2019-01-1509:20:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known, are vulnerable to information disclosure. A local unprivileged attacker is able to perform a side-channel analysis known as Speculative Store Bypass (SSB) Variant 4 to read and obtain confidential information from a memory address to which a recent memory write has occurred, which would subsequently cause an update into the microprocessor’s data cache.

CPENameOperatorVersion
jbossas-standaloneeq7.5.16__1.Final_redhat_1.1.ep6.el7
jbossas-standaloneeq7.4.1__2.Final_redhat_3.1.ep6.el6
jbossas-standaloneeq7.5.13__5.Final_redhat_2.1.ep6.el7
jbossas-standaloneeq7.5.4__2.Final_redhat_4.1.ep6.el5
jbossas-standaloneeq7.4.3__2.Final_redhat_2.1.ep6.el7
jbossas-standaloneeq7.5.3__1.Final_redhat_2.1.ep6.el6
jbossas-standaloneeq7.5.0__9.Final_redhat_21.1.ep6.el6
jbossas-standaloneeq7.5.3__1.Final_redhat_2.1.ep6.el7
jbossas-standaloneeq7.4.3__2.Final_redhat_2.1.ep6.el5
jbossas-standaloneeq7.5.2__2.Final_redhat_2.1.ep6.el5

Name	Operator	Version
jbossas-standalone	eq	7.5.16__1.Final_redhat_1.1.ep6.el7
jbossas-standalone	eq	7.4.1__2.Final_redhat_3.1.ep6.el6
jbossas-standalone	eq	7.5.13__5.Final_redhat_2.1.ep6.el7
jbossas-standalone	eq	7.5.4__2.Final_redhat_4.1.ep6.el5
jbossas-standalone	eq	7.4.3__2.Final_redhat_2.1.ep6.el7
jbossas-standalone	eq	7.5.3__1.Final_redhat_2.1.ep6.el6
jbossas-standalone	eq	7.5.0__9.Final_redhat_21.1.ep6.el6
jbossas-standalone	eq	7.5.3__1.Final_redhat_2.1.ep6.el7
jbossas-standalone	eq	7.4.3__2.Final_redhat_2.1.ep6.el5
jbossas-standalone	eq	7.5.2__2.Final_redhat_2.1.ep6.el5

Rows per page:

1-10 of 124541

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/

access.redhat.com/errata/RHSA-2018:0268

access.redhat.com/errata/RHSA-2018:0269

access.redhat.com/errata/RHSA-2018:0270

access.redhat.com/errata/RHSA-2018:0271

access.redhat.com/errata/RHSA-2018:0275

access.redhat.com/errata/RHSA-2018:0478

access.redhat.com/errata/RHSA-2018:0479

access.redhat.com/errata/RHSA-2018:0480

access.redhat.com/errata/RHSA-2018:0481

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1519258

bugzilla.redhat.com/show_bug.cgi?id=1533996

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174

lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E

lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E

lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Related for VERACODE:12705