All the vulnerabilites related to Red Hat - wildfly
var-201905-0080
Vulnerability from variot
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. wildfly Contains a race condition vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. A race condition issue vulnerability exists in RedHatWildfly16.0.0.Final and prior versions. The vulnerability stems from the improper handling of concurrent access when the network system or product is running and concurrent code needs to access shared resources mutually exclusive. Redhat Wildfly is prone to a local denial of service vulnerability. An attacker can leverage this issue to cause a denial of service condition. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-14861 - GSS Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - GSS Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - GSS Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - GSS Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - GSS Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - GSS Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - GSS Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
Summary:
This is a security update for JBoss EAP Continuous Delivery 18.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
-
xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173)
-
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
-
jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
-
h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335)
-
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
-
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
-
undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)
-
undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 7.3.3 server patch from the customer portal.
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
Bugs fixed (https://bugzilla.redhat.com/):
1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution
- References:
https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The References section of this erratum contains a download link (you must log in to download the update)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wildfly",
"scope": "lte",
"trust": 1.0,
"vendor": "redhat",
"version": "16.0.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "jboss enterprise application platform",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "wildfly",
"scope": "lte",
"trust": 0.8,
"vendor": "red hat",
"version": "16.0.0"
},
{
"model": "hat wildfly \u003c=16.0.0.final",
"scope": null,
"trust": 0.6,
"vendor": "red",
"version": null
},
{
"model": "wildfly",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "jboss eap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "70"
},
{
"model": "jboss eap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"db": "BID",
"id": "108115"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:redhat:jboss_enterprise_application_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:jboss_wildfly_application_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-107"
}
],
"trust": 1.2
},
"cve": "CVE-2019-3805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CVE-2019-3805",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CNVD-2019-14823",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.0,
"id": "CVE-2019-3805",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-3805",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3805",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3805",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3805",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-3805",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-14823",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-107",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-3805",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-107"
},
{
"db": "NVD",
"id": "CVE-2019-3805"
},
{
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. wildfly Contains a race condition vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. A race condition issue vulnerability exists in RedHatWildfly16.0.0.Final and prior versions. The vulnerability stems from the improper handling of concurrent access when the network system or product is running and concurrent code needs to access shared resources mutually exclusive. Redhat Wildfly is prone to a local denial of service vulnerability. \nAn attacker can leverage this issue to cause a denial of service condition. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.4.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/\n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver\n1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library\n1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis\n1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final\nJBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7\nJBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final\nJBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12\nJBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final\nJBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001\nJBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8\nJBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final\nJBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19\nJBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020\nJBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2\nJBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final\nJBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final\nJBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15\nJBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1\nJBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8\nJBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001\nJBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4\nJBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2\nJBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002\nJBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8\nJBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final\nJBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final\nJBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7\nJBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1\nJBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final\nJBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5\nJBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final\nJBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3\nJBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001\nJBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002\nJBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001\nJBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final\nJBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9\nJBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 18.0. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Data Grid 7.3.3 security update\nAdvisory ID: RHSA-2020:0727-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0727\nIssue date: 2020-03-05\nCVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888\n CVE-2019-9512 CVE-2019-9514 CVE-2019-9515\n CVE-2019-9518 CVE-2019-10173 CVE-2019-10174\n CVE-2019-10184 CVE-2019-10212 CVE-2019-14379\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat\nData Grid 7.3.2 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. \n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\n* xstream: remote code execution due to insecure XML deserialization\n(regression of CVE-2013-7285) (CVE-2019-10173)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to\ninvoke private methods (CVE-2019-10174)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* h2: Information Exposure due to insecure handling of permissions in the\nbackup (CVE-2018-14335)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\n* undertow: leak credentials to log files\nUndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* undertow: DEBUG log for io.undertow.request.security if enabled leaks\ncredentials to log files (CVE-2019-10212)\n\n* undertow: Information leak in requests for directories without trailing\nslashes (CVE-2019-10184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.3 server patch from the customer portal. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)\n1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14335\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/cve/CVE-2019-3888\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/cve/CVE-2019-10173\nhttps://access.redhat.com/security/cve/CVE-2019-10174\nhttps://access.redhat.com/security/cve/CVE-2019-10184\nhttps://access.redhat.com/security/cve/CVE-2019-10212\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\\xdata.grid\u0026downloadType=patches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69\na5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ\nPaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe\nQJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t\nRMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD\nsG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym\nI+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT\nyyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX\nK5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v\ns//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva\nmS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9\nS7B2VoNOQj4=zoia\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3805"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"db": "BID",
"id": "108115"
},
{
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "152779"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3805",
"trust": 4.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152766",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156628",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152779",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14823",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1618",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1638",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0832",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-107",
"trust": 0.6
},
{
"db": "BID",
"id": "108115",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2019-3805",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153980",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152765",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"db": "BID",
"id": "108115"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-107"
},
{
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"id": "VAR-201905-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14823"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14823"
}
]
},
"last_update_date": "2024-09-19T21:32:06.249000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 1660263",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
},
{
"title": "RHSA-2019:1106",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"title": "RHSA-2019:1107",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"title": "RHSA-2019:1108",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"title": "RHSA-2019:1140",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191108 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.4.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192413 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191107 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191106 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202565 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191140 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200727 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-364",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "CWE-362",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1140"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:2413"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:1106"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1108"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1107"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2020:0727"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3805"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3805"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-3805"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152779/red-hat-security-advisory-2019-1140-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/red-hat-jboss-enterprise-application-platform-wildfly-privilege-escalation-29227"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152766/red-hat-security-advisory-2019-1107-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80598"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80514"
},
{
"trust": 0.3,
"url": "http://wildfly.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660263"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14642"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14642"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3894"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3894"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.4.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1320"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1320"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-15758"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=patches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10212"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3868"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"db": "BID",
"id": "108115"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-107"
},
{
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"db": "BID",
"id": "108115"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"db": "PACKETSTORM",
"id": "153980"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "PACKETSTORM",
"id": "156628"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-107"
},
{
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"date": "2019-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "108115"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"date": "2019-08-08T14:34:03",
"db": "PACKETSTORM",
"id": "153980"
},
{
"date": "2019-05-08T17:45:55",
"db": "PACKETSTORM",
"id": "152765"
},
{
"date": "2019-05-08T17:46:03",
"db": "PACKETSTORM",
"id": "152766"
},
{
"date": "2020-06-16T00:54:44",
"db": "PACKETSTORM",
"id": "158095"
},
{
"date": "2020-03-05T14:41:17",
"db": "PACKETSTORM",
"id": "156628"
},
{
"date": "2019-05-09T10:21:11",
"db": "PACKETSTORM",
"id": "152779"
},
{
"date": "2019-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-107"
},
{
"date": "2019-05-03T20:29:01.263000",
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14823"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3805"
},
{
"date": "2018-12-18T00:00:00",
"db": "BID",
"id": "108115"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003857"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-107"
},
{
"date": "2020-10-16T16:04:34.210000",
"db": "NVD",
"id": "CVE-2019-3805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "108115"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-107"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "wildfly Race condition vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003857"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-107"
}
],
"trust": 0.6
}
}
var-201905-0262
Vulnerability from variot
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. Wildfly Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. Elytronsubsystem is one of the security framework subsystems. Permissions and access control issues vulnerabilities exist in the ElytronManagedThread of the Elytron subsystem in the RedHatWildfly11 to 16 release. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update Advisory ID: RHSA-2019:1108-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2019:1108 Issue date: 2019-05-08 CVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023 CVE-2018-14642 CVE-2018-14720 CVE-2018-14721 CVE-2019-3805 CVE-2019-3894 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7.
This release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0, and includes bug fixes and enhancements. Refer to the Red Hat JBoss Enterprise Application Platform 7.2.1 Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
-
jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
-
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
-
undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer (CVE-2018-14642)
-
jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
-
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
-
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
-
wildfly: wrong SecurityIdentity for EE concurrency threads that are reused (CVE-2019-3894)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-14861 - GSS Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - GSS Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - GSS Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - GSS Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - GSS Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - GSS Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - GSS Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001
- Package List:
Red Hat JBoss EAP 7.2 for RHEL 7 Server:
Source: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.src.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.src.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.src.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.src.rpm eap7-artemis-native-2.6.3-15.redhat_00020.el7eap.src.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.src.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.src.rpm eap7-elytron-web-1.2.4-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.src.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.src.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.src.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.9.8-2.redhat_00004.1.el7eap.src.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.src.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.src.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.src.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.src.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.src.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.src.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.src.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.src.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.0.13-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.src.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el7eap.src.rpm
noarch: eap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-cli-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-commons-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-core-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-dto-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-journal-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-native-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-ra-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-selector-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-activemq-artemis-tools-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm eap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-rt-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-services-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-tools-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm eap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.noarch.rpm eap7-cxf-xjc-boolean-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-bug986-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-dv-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-runtime-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-cxf-xjc-ts-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm eap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-core-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-envers-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-hibernate-java8-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-cachestore-remote-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-client-hotrod-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-core-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-ironjacamar-validator-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-istack-commons-runtime-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-istack-commons-tools-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm eap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jberet-core-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.noarch.rpm eap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm eap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-compensations-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jbossxts-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jts-idlj-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-jts-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-api-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-bridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-restat-util-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-narayana-txframework-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-picketlink-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-common-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-config-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm eap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-atom-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-cdi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-client-microprofile-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-crypto-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jackson2-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxb-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jaxrs-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jettison-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jose-jwt-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-jsapi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-binding-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-json-p-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-multipart-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-rxjava2-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-spring-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-validator-provider-11-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-resteasy-yaml-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm eap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm eap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.noarch.rpm eap7-undertow-server-1.2.4-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-modules-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm eap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-yasson-1.0.2-1.redhat_00001.1.el7eap.noarch.rpm
x86_64: eap7-artemis-native-2.6.3-15.redhat_00020.el7eap.x86_64.rpm eap7-artemis-native-wildfly-2.6.3-15.redhat_00020.el7eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-11307 https://access.redhat.com/security/cve/CVE-2018-12022 https://access.redhat.com/security/cve/CVE-2018-12023 https://access.redhat.com/security/cve/CVE-2018-14642 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3894 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXNLIE9zjgjWX9erEAQglKw/+JyHe4joco43PeWiW+gtOUi1LmK+vvmA/ gkH43MSvriK9Skka+B0ZkTDUvIOe12f4be3IOpN3utcEcDHa/FgvsGZDnSSEsqRl 4W0cPWOFpeGw1NxgeP/wyHl/ccuwmFgXyxOstqx3T93HsVLBteQfjDM/TNbRATPu ESGwZbdJFWaGHTrYzK2U1z7kvWeG81Qc+nTzD52HT8Gl2Ru8Joy7cYhH2h42vLra PMOM5R7EWKINRFlIwPAO4rtvkZh+NfpViMvxcVxoObRue4FuAnoToZiyo50daPQI 0GSvYcPlUB6eVttOmQuq63j4pypm+p7uEf4gFkOc0n38RaiiRx7TLdAoRwjg/oL+ 9gKnDg1uXOy0UOLiQbYSQXTQiN/5fo5cpGJ2y0VCI/bWcULq4owLrwzGbcRS2kN1 RB94DglvRUcqbIcC3FIDKA6pUEAqyNL8j4moQfjvmxDHtdkFbWdMVyCPsVnqeRpi bXpTDQhsrdIEM6Hvmc16Zoli2vurhhwTOSEh5eBOP6H29UOduZRUA5Bi7QazgdOj B+NLXH2088Xy+bTvu9xv5iFBQ47Kp/EEvFr+xqU9sVzggIXpyLgn5G03/GOAKkJ7 DHVygbhSYgeopJnFD1vD1Xz5cQHwoFwao00DXti3rUi9FbcQR0H/UQSmNq/OujOk Jr14u9JZfcw=EHUv -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0262",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wildfly",
"scope": "lte",
"trust": 1.0,
"vendor": "redhat",
"version": "16.0.0"
},
{
"model": "wildfly",
"scope": "gte",
"trust": 1.0,
"vendor": "redhat",
"version": "11.0.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "jboss enterprise application platform",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "wildfly",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "11 to 16"
},
{
"model": "hat wildfly",
"scope": "gte",
"trust": 0.6,
"vendor": "red",
"version": "11\u003c=16"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:redhat:jboss_enterprise_application_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:jboss_wildfly_application_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-108"
}
],
"trust": 1.0
},
"cve": "CVE-2019-3894",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-3894",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-14824",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3894",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3894",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3894",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3894",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3894",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-3894",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-14824",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-108",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3894",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-108"
},
{
"db": "NVD",
"id": "CVE-2019-3894"
},
{
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "It was discovered that the ElytronManagedThread in Wildfly\u0027s Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing. Wildfly Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. Elytronsubsystem is one of the security framework subsystems. Permissions and access control issues vulnerabilities exist in the ElytronManagedThread of the Elytron subsystem in the RedHatWildfly11 to 16 release. The vulnerability stems from the lack of effective permissions and access control measures for network systems or products. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update\nAdvisory ID: RHSA-2019:1108-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1108\nIssue date: 2019-05-08\nCVE Names: CVE-2018-11307 CVE-2018-12022 CVE-2018-12023\n CVE-2018-14642 CVE-2018-14720 CVE-2018-14721\n CVE-2019-3805 CVE-2019-3894\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.2 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.2.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.2.0,\nand includes bug fixes and enhancements. Refer to the Red Hat JBoss\nEnterprise Application Platform 7.2.1 Release Notes for information on the\nmost significant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* jackson-databind: Potential information exfiltration with default typing,\nserialization gadget from MyBatis (CVE-2018-11307)\n\n* jackson-databind: improper polymorphic deserialization of types from\nJodd-db library (CVE-2018-12022)\n\n* jackson-databind: improper polymorphic deserialization of types from\nOracle JDBC driver (CVE-2018-12023)\n\n* undertow: Infoleak in some circumstances where Undertow can serve data\nfrom a random buffer (CVE-2018-14642)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary\nprocesses by local users (CVE-2019-3805)\n\n* wildfly: wrong SecurityIdentity for EE concurrency threads that are\nreused (CVE-2019-3894)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer\n1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver\n1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library\n1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis\n1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final\nJBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7\nJBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4\nJBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final\nJBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12\nJBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final\nJBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001\nJBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8\nJBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final\nJBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19\nJBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020\nJBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2\nJBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final\nJBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final\nJBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15\nJBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1\nJBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8\nJBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001\nJBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4\nJBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2\nJBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002\nJBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8\nJBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final\nJBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final\nJBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7\nJBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1\nJBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final\nJBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5\nJBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final\nJBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3\nJBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001\nJBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002\nJBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001\nJBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final\nJBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9\nJBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.2 for RHEL 7 Server:\n\nSource:\neap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.src.rpm\neap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.src.rpm\neap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.src.rpm\neap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.src.rpm\neap7-artemis-native-2.6.3-15.redhat_00020.el7eap.src.rpm\neap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.src.rpm\neap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.src.rpm\neap7-elytron-web-1.2.4-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.src.rpm\neap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.src.rpm\neap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-jaxrs-providers-2.9.8-2.redhat_00004.1.el7eap.src.rpm\neap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.src.rpm\neap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.src.rpm\neap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.src.rpm\neap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.src.rpm\neap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm\neap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.src.rpm\neap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.src.rpm\neap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.src.rpm\neap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.src.rpm\neap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.0.13-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-yasson-1.0.2-1.redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-cli-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-commons-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-core-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-dto-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-journal-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-native-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-ra-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-selector-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-server-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-activemq-artemis-tools-2.6.3-5.redhat_00020.1.el7eap.noarch.rpm\neap7-apache-commons-lang-3.8.0-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-rt-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-services-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-tools-3.2.7-1.redhat_00001.1.el7eap.noarch.rpm\neap7-apache-cxf-xjc-utils-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-byte-buddy-1.9.5-1.redhat_00001.1.el7eap.noarch.rpm\neap7-cxf-xjc-boolean-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-bug986-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-dv-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-runtime-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-cxf-xjc-ts-3.2.3-2.redhat_00002.1.el7eap.noarch.rpm\neap7-dom4j-2.1.1-2.redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-core-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.9-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-httpcomponents-asyncclient-4.1.4-1.redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-client-hotrod-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-core-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.3.6-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-ironjacamar-validator-1.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-istack-commons-runtime-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-istack-commons-tools-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-annotations-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-core-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-databind-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-base-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.9.8-2.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-modules-base-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jackson-modules-java8-2.9.8-1.redhat_00004.1.el7eap.noarch.rpm\neap7-jberet-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jberet-core-1.3.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-ejb-client-4.0.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-el-api_3.0_spec-1.0.13-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-genericjms-2.0.1-2.Final_redhat_00002.1.el7eap.noarch.rpm\neap7-jboss-logmanager-2.1.7-3.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-remoting-jmx-3.0.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-security-negotiation-3.0.5-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.2-1.3.0-7.Final_redhat_00004.1.el7eap.noarch.rpm\neap7-narayana-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-compensations-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jbossxts-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jts-idlj-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-jts-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-api-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-bridge-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-integration-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-restat-util-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-narayana-txframework-5.9.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-picketlink-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-common-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-config-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-federation-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-api-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-impl-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-16.SP12_redhat_4.1.el7eap.noarch.rpm\neap7-resteasy-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-atom-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-cdi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-client-microprofile-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-crypto-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jackson2-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxb-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jaxrs-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jettison-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jose-jwt-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-jsapi-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-binding-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-json-p-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-multipart-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-rxjava2-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-spring-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-validator-provider-11-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-resteasy-yaml-provider-3.6.1-4.SP3_redhat_00001.1.el7eap.noarch.rpm\neap7-sun-istack-commons-3.0.7-2.redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-2.0.19-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-jastow-2.0.7-2.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-undertow-server-1.2.4-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.6.2-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.4.1-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.13-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.2.1-6.GA_redhat_00004.1.el7eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.3-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-yasson-1.0.2-1.redhat_00001.1.el7eap.noarch.rpm\n\nx86_64:\neap7-artemis-native-2.6.3-15.redhat_00020.el7eap.x86_64.rpm\neap7-artemis-native-wildfly-2.6.3-15.redhat_00020.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-11307\nhttps://access.redhat.com/security/cve/CVE-2018-12022\nhttps://access.redhat.com/security/cve/CVE-2018-12023\nhttps://access.redhat.com/security/cve/CVE-2018-14642\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2019-3805\nhttps://access.redhat.com/security/cve/CVE-2019-3894\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNLIE9zjgjWX9erEAQglKw/+JyHe4joco43PeWiW+gtOUi1LmK+vvmA/\ngkH43MSvriK9Skka+B0ZkTDUvIOe12f4be3IOpN3utcEcDHa/FgvsGZDnSSEsqRl\n4W0cPWOFpeGw1NxgeP/wyHl/ccuwmFgXyxOstqx3T93HsVLBteQfjDM/TNbRATPu\nESGwZbdJFWaGHTrYzK2U1z7kvWeG81Qc+nTzD52HT8Gl2Ru8Joy7cYhH2h42vLra\nPMOM5R7EWKINRFlIwPAO4rtvkZh+NfpViMvxcVxoObRue4FuAnoToZiyo50daPQI\n0GSvYcPlUB6eVttOmQuq63j4pypm+p7uEf4gFkOc0n38RaiiRx7TLdAoRwjg/oL+\n9gKnDg1uXOy0UOLiQbYSQXTQiN/5fo5cpGJ2y0VCI/bWcULq4owLrwzGbcRS2kN1\nRB94DglvRUcqbIcC3FIDKA6pUEAqyNL8j4moQfjvmxDHtdkFbWdMVyCPsVnqeRpi\nbXpTDQhsrdIEM6Hvmc16Zoli2vurhhwTOSEh5eBOP6H29UOduZRUA5Bi7QazgdOj\nB+NLXH2088Xy+bTvu9xv5iFBQ47Kp/EEvFr+xqU9sVzggIXpyLgn5G03/GOAKkJ7\nDHVygbhSYgeopJnFD1vD1Xz5cQHwoFwao00DXti3rUi9FbcQR0H/UQSmNq/OujOk\nJr14u9JZfcw=EHUv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3894"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "152779"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3894",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152766",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "152779",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14824",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1618",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1638",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-108",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3894",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152764",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152765",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-108"
},
{
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"id": "VAR-201905-0262",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14824"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14824"
}
]
},
"last_update_date": "2024-08-14T12:15:45.270000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 1682108",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894"
},
{
"title": "RHSA-2019:1106",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"title": "RHSA-2019:1107",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"title": "RHSA-2019:1108",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"title": "RHSA-2019:1140",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191106 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191107 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191108 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191140 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-358",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:1106"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1140"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1108"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1107"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3894"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3894"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3894"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-3894"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152779/red-hat-security-advisory-2019-1140-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/red-hat-jboss-enterprise-application-platform-wildfly-privilege-escalation-via-elytronmanagedthread-29228"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152766/red-hat-security-advisory-2019-1107-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80598"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80514"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14642"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14642"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-3894"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3868"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-108"
},
{
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"db": "PACKETSTORM",
"id": "152764"
},
{
"db": "PACKETSTORM",
"id": "152765"
},
{
"db": "PACKETSTORM",
"id": "152766"
},
{
"db": "PACKETSTORM",
"id": "152779"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-108"
},
{
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"date": "2019-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"date": "2019-05-08T17:45:48",
"db": "PACKETSTORM",
"id": "152764"
},
{
"date": "2019-05-08T17:45:55",
"db": "PACKETSTORM",
"id": "152765"
},
{
"date": "2019-05-08T17:46:03",
"db": "PACKETSTORM",
"id": "152766"
},
{
"date": "2019-05-09T10:21:11",
"db": "PACKETSTORM",
"id": "152779"
},
{
"date": "2019-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-108"
},
{
"date": "2019-05-03T20:29:01.327000",
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14824"
},
{
"date": "2020-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3894"
},
{
"date": "2019-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004452"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-108"
},
{
"date": "2020-10-15T19:50:03.567000",
"db": "NVD",
"id": "CVE-2019-3894"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wildfly Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004452"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-108"
}
],
"trust": 0.6
}
}
cve-2020-14297
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:41.879622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:14:53.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wildfly",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "jboss-ejb-client as shipped with Red Hat JBoss EAP 7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in Wildfly\u0027s EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-24T15:37:25",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14297",
"datePublished": "2020-07-24T15:37:25",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-10-15T17:14:53.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3805
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:1107 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1108 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1106 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1140 | vendor-advisory, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20190517-0004/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:2413 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2020:0727 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
},
{
"name": "RHSA-2019:1107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"name": "RHSA-2019:1108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"name": "RHSA-2019:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"name": "RHSA-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
},
{
"name": "RHSA-2019:2413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "affects up to 16.0.0.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-364",
"description": "CWE-364",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:48",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805"
},
{
"name": "RHSA-2019:1107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"name": "RHSA-2019:1108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"name": "RHSA-2019:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"name": "RHSA-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
},
{
"name": "RHSA-2019:2413",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2413"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3805",
"datePublished": "2019-05-03T19:25:28",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3894
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:1107 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1108 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1106 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:1140 | vendor-advisory, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20190517-0004/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894"
},
{
"name": "RHSA-2019:1107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"name": "RHSA-2019:1108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"name": "RHSA-2019:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"name": "RHSA-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "affects from 11 to 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the ElytronManagedThread in Wildfly\u0027s Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T09:06:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894"
},
{
"name": "RHSA-2019:1107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1107"
},
{
"name": "RHSA-2019:1108",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1108"
},
{
"name": "RHSA-2019:1106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1106"
},
{
"name": "RHSA-2019:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1140"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190517-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3894",
"datePublished": "2019-05-03T19:25:58",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14887
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887 | x_refsource_CONFIRM | |
| https://issues.redhat.com/browse/JBEAP-17965 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200327-0007/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.redhat.com/browse/JBEAP-17965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200327-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "7.2.0.GA, 7.2.3.GA, 7.2.5.CR2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found when an OpenSSL security provider is used with Wildfly, the \u0027enabled-protocols\u0027 value in the Wildfly configuration isn\u0027t honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-757",
"description": "CWE-757",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T08:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.redhat.com/browse/JBEAP-17965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200327-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14887",
"datePublished": "2020-03-16T14:48:09",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14307
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wildfly",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "jboss-ejb-client versions shipped with Red Hat JBoss EAP 7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Wildfly\u0027s Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14307",
"datePublished": "2020-07-24T00:00:00",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}