RHSA-2024:5856
- Source
- https://access.redhat.com/errata/RHSA-2024:5856
- Import Source
- https://security.access.redhat.com/data/osv/RHSA-2024:5856.json
- JSON Data
- https://api.osv.dev/v1/vulns/RHSA-2024:5856
- Related
- Published
- 2024-09-29T18:52:22Z
- Modified
- 2024-11-15T15:10:28Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update
- Details
- References
-
- https://access.redhat.com/errata/RHSA-2024:5856
- https://access.redhat.com/security/updates/classification/#important
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index
- https://bugzilla.redhat.com/show_bug.cgi?id=1703469
- https://bugzilla.redhat.com/show_bug.cgi?id=1725807
- https://bugzilla.redhat.com/show_bug.cgi?id=1735645
- https://bugzilla.redhat.com/show_bug.cgi?id=1735744
- https://bugzilla.redhat.com/show_bug.cgi?id=1735745
- https://bugzilla.redhat.com/show_bug.cgi?id=1737517
- https://bugzilla.redhat.com/show_bug.cgi?id=1741860
- https://bugzilla.redhat.com/show_bug.cgi?id=1752770
- https://bugzilla.redhat.com/show_bug.cgi?id=1752980
- https://bugzilla.redhat.com/show_bug.cgi?id=1758619
- https://bugzilla.redhat.com/show_bug.cgi?id=1767483
- https://bugzilla.redhat.com/show_bug.cgi?id=1772464
- https://bugzilla.redhat.com/show_bug.cgi?id=1775293
- https://bugzilla.redhat.com/show_bug.cgi?id=1793970
- https://bugzilla.redhat.com/show_bug.cgi?id=1798509
- https://bugzilla.redhat.com/show_bug.cgi?id=1798524
- https://bugzilla.redhat.com/show_bug.cgi?id=1807305
- https://bugzilla.redhat.com/show_bug.cgi?id=2031667
- https://bugzilla.redhat.com/show_bug.cgi?id=2041949
- https://bugzilla.redhat.com/show_bug.cgi?id=2041959
- https://bugzilla.redhat.com/show_bug.cgi?id=2041967
- https://issues.redhat.com/browse/JBEAP-24826
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5856.json
- https://access.redhat.com/security/cve/CVE-2019-9511
- https://www.cve.org/CVERecord?id=CVE-2019-9511
- https://nvd.nist.gov/vuln/detail/CVE-2019-9511
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://kb.cert.org/vuls/id/605641/
- https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
- https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
- https://access.redhat.com/security/cve/CVE-2019-9512
- https://www.cve.org/CVERecord?id=CVE-2019-9512
- https://nvd.nist.gov/vuln/detail/CVE-2019-9512
- https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA
- https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html
- https://access.redhat.com/security/cve/CVE-2019-9514
- https://www.cve.org/CVERecord?id=CVE-2019-9514
- https://nvd.nist.gov/vuln/detail/CVE-2019-9514
- https://access.redhat.com/security/cve/CVE-2019-9515
- https://www.cve.org/CVERecord?id=CVE-2019-9515
- https://nvd.nist.gov/vuln/detail/CVE-2019-9515
- https://access.redhat.com/security/cve/CVE-2019-10086
- https://www.cve.org/CVERecord?id=CVE-2019-10086
- https://nvd.nist.gov/vuln/detail/CVE-2019-10086
- https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt
- https://access.redhat.com/security/cve/CVE-2019-10174
- https://www.cve.org/CVERecord?id=CVE-2019-10174
- https://nvd.nist.gov/vuln/detail/CVE-2019-10174
- https://access.redhat.com/security/cve/CVE-2019-12384
- https://www.cve.org/CVERecord?id=CVE-2019-12384
- https://nvd.nist.gov/vuln/detail/CVE-2019-12384
- https://access.redhat.com/security/cve/CVE-2019-14379
- https://www.cve.org/CVERecord?id=CVE-2019-14379
- https://nvd.nist.gov/vuln/detail/CVE-2019-14379
- https://access.redhat.com/security/cve/CVE-2019-14843
- https://www.cve.org/CVERecord?id=CVE-2019-14843
- https://nvd.nist.gov/vuln/detail/CVE-2019-14843
- https://access.redhat.com/security/cve/CVE-2019-14888
- https://www.cve.org/CVERecord?id=CVE-2019-14888
- https://nvd.nist.gov/vuln/detail/CVE-2019-14888
- https://access.redhat.com/security/cve/CVE-2019-16869
- https://www.cve.org/CVERecord?id=CVE-2019-16869
- https://nvd.nist.gov/vuln/detail/CVE-2019-16869
- https://access.redhat.com/security/cve/CVE-2019-17531
- https://www.cve.org/CVERecord?id=CVE-2019-17531
- https://nvd.nist.gov/vuln/detail/CVE-2019-17531
- https://access.redhat.com/security/cve/CVE-2019-20444
- https://www.cve.org/CVERecord?id=CVE-2019-20444
- https://nvd.nist.gov/vuln/detail/CVE-2019-20444
- https://github.com/elastic/elasticsearch/issues/49396
- https://access.redhat.com/security/cve/CVE-2019-20445
- https://www.cve.org/CVERecord?id=CVE-2019-20445
- https://nvd.nist.gov/vuln/detail/CVE-2019-20445
- https://access.redhat.com/security/cve/CVE-2020-1710
- https://www.cve.org/CVERecord?id=CVE-2020-1710
- https://nvd.nist.gov/vuln/detail/CVE-2020-1710
- https://access.redhat.com/security/cve/CVE-2020-1745
- https://www.cve.org/CVERecord?id=CVE-2020-1745
- https://nvd.nist.gov/vuln/detail/CVE-2020-1745
- https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/
- https://www.cnvd.org.cn/webinfo/show/5415
- https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
- https://access.redhat.com/security/cve/CVE-2020-1757
- https://www.cve.org/CVERecord?id=CVE-2020-1757
- https://nvd.nist.gov/vuln/detail/CVE-2020-1757
- https://access.redhat.com/security/cve/CVE-2021-4104
- https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- https://www.cve.org/CVERecord?id=CVE-2021-4104
- https://nvd.nist.gov/vuln/detail/CVE-2021-4104
- https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
- https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
- https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx
- https://www.openwall.com/lists/oss-security/2021/12/13/1
- https://access.redhat.com/security/cve/CVE-2022-23302
- https://www.cve.org/CVERecord?id=CVE-2022-23302
- https://nvd.nist.gov/vuln/detail/CVE-2022-23302
- https://www.openwall.com/lists/oss-security/2022/01/18/3
- https://access.redhat.com/security/cve/CVE-2022-23305
- https://www.cve.org/CVERecord?id=CVE-2022-23305
- https://nvd.nist.gov/vuln/detail/CVE-2022-23305
- https://www.openwall.com/lists/oss-security/2022/01/18/4
- https://access.redhat.com/security/cve/CVE-2022-23307
- https://www.cve.org/CVERecord?id=CVE-2022-23307
- https://nvd.nist.gov/vuln/detail/CVE-2022-23307
- https://www.openwall.com/lists/oss-security/2022/01/18/5
Affected packages
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-apache-commons-beanutils
Package
- Name
- eap7-apache-commons-beanutils
- Purl
- pkg:rpm/redhat/eap7-apache-commons-beanutils
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan
Package
- Name
- eap7-infinispan
- Purl
- pkg:rpm/redhat/eap7-infinispan
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-cachestore-jdbc
Package
- Name
- eap7-infinispan-cachestore-jdbc
- Purl
- pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-cachestore-remote
Package
- Name
- eap7-infinispan-cachestore-remote
- Purl
- pkg:rpm/redhat/eap7-infinispan-cachestore-remote
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-client-hotrod
Package
- Name
- eap7-infinispan-client-hotrod
- Purl
- pkg:rpm/redhat/eap7-infinispan-client-hotrod
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-commons
Package
- Name
- eap7-infinispan-commons
- Purl
- pkg:rpm/redhat/eap7-infinispan-commons
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-infinispan-core
Package
- Name
- eap7-infinispan-core
- Purl
- pkg:rpm/redhat/eap7-infinispan-core
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-jackson-databind
Package
- Name
- eap7-jackson-databind
- Purl
- pkg:rpm/redhat/eap7-jackson-databind
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-log4j-jboss-logmanager
Package
- Name
- eap7-log4j-jboss-logmanager
- Purl
- pkg:rpm/redhat/eap7-log4j-jboss-logmanager
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-netty
Package
- Name
- eap7-netty
- Purl
- pkg:rpm/redhat/eap7-netty
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-netty-all
Package
- Name
- eap7-netty-all
- Purl
- pkg:rpm/redhat/eap7-netty-all
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-undertow
Package
- Name
- eap7-undertow
- Purl
- pkg:rpm/redhat/eap7-undertow
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-wildfly
Package
- Name
- eap7-wildfly
- Purl
- pkg:rpm/redhat/eap7-wildfly
Red Hat:jboss_enterprise_application_platform_eus:7.1::el7 / eap7-wildfly-elytron
Package
- Name
- eap7-wildfly-elytron
- Purl
- pkg:rpm/redhat/eap7-wildfly-elytron