RHSA-2024:5856
Source
https://access.redhat.com/errata/RHSA-2024:5856
Import Source
https://security.access.redhat.com/data/osv/RHSA-2024:5856.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2024:5856
Related
CVE-2019-10086
CVE-2019-10174
CVE-2019-12384
CVE-2019-14379
CVE-2019-14843
CVE-2019-14888
CVE-2019-16869
CVE-2019-17531
CVE-2019-20444
CVE-2019-20445
CVE-2019-9511
CVE-2019-9512
CVE-2019-9514
CVE-2019-9515
CVE-2020-1710
CVE-2020-1745
CVE-2020-1757
CVE-2021-4104
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
Published
2024-09-29T18:52:22Z
Modified
2024-12-09T10:05:51Z
Severity
9.8 (Critical)
CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update
Details
References
https://access.redhat.com/errata/RHSA-2024:5856
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index
https://bugzilla.redhat.com/show_bug.cgi?id=1703469
https://bugzilla.redhat.com/show_bug.cgi?id=1725807
https://bugzilla.redhat.com/show_bug.cgi?id=1735645
https://bugzilla.redhat.com/show_bug.cgi?id=1735744
https://bugzilla.redhat.com/show_bug.cgi?id=1735745
https://bugzilla.redhat.com/show_bug.cgi?id=1737517
https://bugzilla.redhat.com/show_bug.cgi?id=1741860
https://bugzilla.redhat.com/show_bug.cgi?id=1752770
https://bugzilla.redhat.com/show_bug.cgi?id=1752980
https://bugzilla.redhat.com/show_bug.cgi?id=1758619
https://bugzilla.redhat.com/show_bug.cgi?id=1767483
https://bugzilla.redhat.com/show_bug.cgi?id=1772464
https://bugzilla.redhat.com/show_bug.cgi?id=1775293
https://bugzilla.redhat.com/show_bug.cgi?id=1793970
https://bugzilla.redhat.com/show_bug.cgi?id=1798509
https://bugzilla.redhat.com/show_bug.cgi?id=1798524
https://bugzilla.redhat.com/show_bug.cgi?id=1807305
https://bugzilla.redhat.com/show_bug.cgi?id=2031667
https://bugzilla.redhat.com/show_bug.cgi?id=2041949
https://bugzilla.redhat.com/show_bug.cgi?id=2041959
https://bugzilla.redhat.com/show_bug.cgi?id=2041967
https://issues.redhat.com/browse/JBEAP-24826
https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5856.json
https://access.redhat.com/security/cve/CVE-2019-9511
https://www.cve.org/CVERecord?id=CVE-2019-9511
https://nvd.nist.gov/vuln/detail/CVE-2019-9511
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://kb.cert.org/vuls/id/605641/
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
https://access.redhat.com/security/cve/CVE-2019-9512
https://www.cve.org/CVERecord?id=CVE-2019-9512
https://nvd.nist.gov/vuln/detail/CVE-2019-9512
https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg
https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA
https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html
https://access.redhat.com/security/cve/CVE-2019-9514
https://www.cve.org/CVERecord?id=CVE-2019-9514
https://nvd.nist.gov/vuln/detail/CVE-2019-9514
https://access.redhat.com/security/cve/CVE-2019-9515
https://www.cve.org/CVERecord?id=CVE-2019-9515
https://nvd.nist.gov/vuln/detail/CVE-2019-9515
https://access.redhat.com/security/cve/CVE-2019-10086
https://www.cve.org/CVERecord?id=CVE-2019-10086
https://nvd.nist.gov/vuln/detail/CVE-2019-10086
https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt
https://access.redhat.com/security/cve/CVE-2019-10174
https://www.cve.org/CVERecord?id=CVE-2019-10174
https://nvd.nist.gov/vuln/detail/CVE-2019-10174
https://access.redhat.com/security/cve/CVE-2019-12384
https://www.cve.org/CVERecord?id=CVE-2019-12384
https://nvd.nist.gov/vuln/detail/CVE-2019-12384
https://access.redhat.com/security/cve/CVE-2019-14379
https://www.cve.org/CVERecord?id=CVE-2019-14379
https://nvd.nist.gov/vuln/detail/CVE-2019-14379
https://access.redhat.com/security/cve/CVE-2019-14843
https://www.cve.org/CVERecord?id=CVE-2019-14843
https://nvd.nist.gov/vuln/detail/CVE-2019-14843
https://access.redhat.com/security/cve/CVE-2019-14888
https://www.cve.org/CVERecord?id=CVE-2019-14888
https://nvd.nist.gov/vuln/detail/CVE-2019-14888
https://access.redhat.com/security/cve/CVE-2019-16869
https://www.cve.org/CVERecord?id=CVE-2019-16869
https://nvd.nist.gov/vuln/detail/CVE-2019-16869
https://access.redhat.com/security/cve/CVE-2019-17531
https://www.cve.org/CVERecord?id=CVE-2019-17531
https://nvd.nist.gov/vuln/detail/CVE-2019-17531
https://access.redhat.com/security/cve/CVE-2019-20444
https://www.cve.org/CVERecord?id=CVE-2019-20444
https://nvd.nist.gov/vuln/detail/CVE-2019-20444
https://github.com/elastic/elasticsearch/issues/49396
https://access.redhat.com/security/cve/CVE-2019-20445
https://www.cve.org/CVERecord?id=CVE-2019-20445
https://nvd.nist.gov/vuln/detail/CVE-2019-20445
https://access.redhat.com/security/cve/CVE-2020-1710
https://www.cve.org/CVERecord?id=CVE-2020-1710
https://nvd.nist.gov/vuln/detail/CVE-2020-1710
https://access.redhat.com/security/cve/CVE-2020-1745
https://www.cve.org/CVERecord?id=CVE-2020-1745
https://nvd.nist.gov/vuln/detail/CVE-2020-1745
https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/
https://www.cnvd.org.cn/webinfo/show/5415
https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
https://access.redhat.com/security/cve/CVE-2020-1757
https://www.cve.org/CVERecord?id=CVE-2020-1757
https://nvd.nist.gov/vuln/detail/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2021-4104
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
https://www.cve.org/CVERecord?id=CVE-2021-4104
https://nvd.nist.gov/vuln/detail/CVE-2021-4104
https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx
https://www.openwall.com/lists/oss-security/2021/12/13/1
https://access.redhat.com/security/cve/CVE-2022-23302
https://www.cve.org/CVERecord?id=CVE-2022-23302
https://nvd.nist.gov/vuln/detail/CVE-2022-23302
https://www.openwall.com/lists/oss-security/2022/01/18/3
https://access.redhat.com/security/cve/CVE-2022-23305
https://www.cve.org/CVERecord?id=CVE-2022-23305
https://nvd.nist.gov/vuln/detail/CVE-2022-23305
https://www.openwall.com/lists/oss-security/2022/01/18/4
https://access.redhat.com/security/cve/CVE-2022-23307
https://www.cve.org/CVERecord?id=CVE-2022-23307
https://nvd.nist.gov/vuln/detail/CVE-2022-23307
https://www.openwall.com/lists/oss-security/2022/01/18/5
Affected packages
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-apache-commons-beanutils
Package
Name
eap7-apache-commons-beanutils
Purl
pkg:rpm/redhat/eap7-apache-commons-beanutils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.9.4-1.redhat_00002.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan
Package
Name
eap7-infinispan
Purl
pkg:rpm/redhat/eap7-infinispan
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.2.11-1.SP2_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-cachestore-jdbc
Package
Name
eap7-infinispan-cachestore-jdbc
Purl
pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.2.11-1.SP2_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-cachestore-remote
Package
Name
eap7-infinispan-cachestore-remote
Purl
pkg:rpm/redhat/eap7-infinispan-cachestore-remote
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.2.11-1.SP2_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-client-hotrod
Package
Name
eap7-infinispan-client-hotrod
Purl
pkg:rpm/redhat/eap7-infinispan-client-hotrod
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.2.11-1.SP2_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-commons
Package
Name
eap7-infinispan-commons
Purl
pkg:rpm/redhat/eap7-infinispan-commons
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.2.11-1.SP2_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-core
Package
Name
eap7-infinispan-core
Purl
pkg:rpm/redhat/eap7-infinispan-core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:8.2.11-1.SP2_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-jackson-databind
Package
Name
eap7-jackson-databind
Purl
pkg:rpm/redhat/eap7-jackson-databind
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.8.11.5-1.redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-log4j-jboss-logmanager
Package
Name
eap7-log4j-jboss-logmanager
Purl
pkg:rpm/redhat/eap7-log4j-jboss-logmanager
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.2.2-1.Final_redhat_00002.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-netty
Package
Name
eap7-netty
Purl
pkg:rpm/redhat/eap7-netty
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.1.45-1.Final_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-netty-all
Package
Name
eap7-netty-all
Purl
pkg:rpm/redhat/eap7-netty-all
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.1.45-1.Final_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-undertow
Package
Name
eap7-undertow
Purl
pkg:rpm/redhat/eap7-undertow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.4.18-12.SP12_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-wildfly
Package
Name
eap7-wildfly
Purl
pkg:rpm/redhat/eap7-wildfly
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.1.7-2.GA_redhat_00002.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-wildfly-elytron
Package
Name
eap7-wildfly-elytron
Purl
pkg:rpm/redhat/eap7-wildfly-elytron
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.1.13-1.Final_redhat_00001.1.ep7.el7
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-wildfly-modules
Package
Name
eap7-wildfly-modules
Purl
pkg:rpm/redhat/eap7-wildfly-modules
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.1.7-2.GA_redhat_00002.1.ep7.el7