RHSA-2018:2428: Red Hat Security Advisory: Red Hat Single Sign-On 7.2.4 security update

A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[2021-07-07 UPDATE: The advisory was originally published with incomplete informational links and has been republished to update those links. NO CODE HAS CHANGED WITH THIS UPDATE, AND NO ACTION IS REQUIRED.]

Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.4 serves as a replacement for Red Hat Single Sign-On 7.2.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
  • bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
  • cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
  • wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
  • cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
  • keycloak: infinite loop in session replacement leading to denial of service (CVE-2018-10912)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Related CVEs:
  • CVE-2017-12624: cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services
  • CVE-2018-8039: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*
  • CVE-2018-10237: guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
  • CVE-2018-10862: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)
  • CVE-2018-10912: keycloak: infinite loop in session replacement leading to denial of service
  • CVE-2018-1000180: bouncycastle: flaw in the low-level interface to RSA key pair generator
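As an added illustration that is not part of the advisory, the containment check that defeats the Zip Slip bug class behind CVE-2018-10862: before any entry of an uploaded archive is written, its resolved destination must stay inside the intended deployment directory, whatever separators or `..` segments the entry name carries. The sample archive, the target directory and the function names below are constructed for this example.

```python
import io
import os
import posixpath
import zipfile


def is_safe_entry(target_dir: str, entry_name: str) -> bool:
    """True only if extracting entry_name cannot escape target_dir."""
    target_root = os.path.realpath(target_dir)
    # Treat backslashes as separators so "..\\" is not missed on POSIX hosts.
    normalised = entry_name.replace("\\", "/")
    if posixpath.isabs(normalised):
        return False  # absolute entry names never belong in an archive
    candidate = os.path.realpath(os.path.join(target_root, *normalised.split("/")))
    # Compare with a trailing separator so "/opt/app/tmp2" does not match "/opt/app/tmp".
    return candidate == target_root or candidate.startswith(target_root + os.sep)


def vet_archive(archive_bytes: bytes, target_dir: str):
    """Classify every entry of an in-memory zip as safe or rejected, without writing."""
    safe, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            (safe if is_safe_entry(target_dir, info.filename) else rejected).append(info.filename)
    return safe, rejected


def build_sample_war() -> bytes:
    """Constructed archive: two legitimate entries and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("../../../../etc/cron.d/evil", "# would land outside the deploy dir")
        zf.writestr("WEB-INF/..\\..\\evil.jsp", "<% %>")  # Windows-style traversal
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = vet_archive(build_sample_war(), "/opt/app/deployments/tmp")
    print("safe:", ok)
    print("rejected:", bad)
```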
Red Hat Security Data