Headline
RHSA-2023:0163: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-46364: Apache CXF: SSRF Vulnerability
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-01-12
Updated:
2023-01-12
RHSA-2023:0163 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: Red Hat JBoss Enterprise Application Platform 7.4 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
- CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- JBoss Enterprise Application Platform 7.4 for RHEL 9 x86_64
- JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64
- JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64
Fixes
- BZ - 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
JBoss Enterprise Application Platform 7.4 for RHEL 9
SRPM
eap7-apache-cxf-3.4.10-1.redhat_00001.1.el9eap.src.rpm
SHA-256: 3517c1b172ae8a09221a3d08942613d7ce6ff8bdeb47545b3b6f42653a2ebb3f
eap7-wss4j-2.3.3-1.redhat_00001.1.el9eap.src.rpm
SHA-256: e4efd81d4218235f504862db270336915b12e6e40169a614a719a6edcd04f66e
eap7-xml-security-2.2.3-1.redhat_00001.1.el9eap.src.rpm
SHA-256: 119b609e11418044c160192236476721b286b1630a73dd6394640727ea57cf61
x86_64
eap7-apache-cxf-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: bbf4a72b8a357a089d44fe3b828565a0bbc90d181d07a68bdd4bb9b35cbe9e4f
eap7-apache-cxf-rt-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 5afcbcf251462154444ec63b8d0cda2455e45a125a349970a4477483f2665922
eap7-apache-cxf-services-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: e483a937245645edac0fc3f9b27ee2730d7c94b3658cb5cf3e3a49ef69c88b81
eap7-apache-cxf-tools-3.4.10-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: f4697f8bb638c2cc2226ec190b04d47cd0e91b8c7e9cd63af0e4fe72e4433d27
eap7-wss4j-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 73dc0af3b5b9ffadeb1cf56c8c27fd8e0613df2cb64437f7823f6b26766f488c
eap7-wss4j-bindings-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 9e3a42d1cad6cab00003a6b8934e570b6f59e019c0df573896417685b8c703b0
eap7-wss4j-policy-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: d85b42bc2025bcddafe6ee323c9dd3dec5ff6c9cd017ce5c417ea731e428ef98
eap7-wss4j-ws-security-common-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 1a4d63a2f43e014cef82739a70d4874525133043610f5684ce411ea0f7c42b94
eap7-wss4j-ws-security-dom-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 04795eb391e567db76a62ce80c4d088eb689fe2fb30d802328e58bd7a0dd853f
eap7-wss4j-ws-security-policy-stax-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 477329dd70371d77bd382c9a2d24df3ca31bf6fee257e54477a124793b8f7b24
eap7-wss4j-ws-security-stax-2.3.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 521b539c66c1925bc6d26c5586232d37b42fde788eebb22bb0051bd3cb1dfbc8
eap7-xml-security-2.2.3-1.redhat_00001.1.el9eap.noarch.rpm
SHA-256: 8c8e39a9c0ec846857ea74a659b86006b594e9de9ba9bc82b9a56ca74d146dff
JBoss Enterprise Application Platform 7.4 for RHEL 8
SRPM
eap7-apache-cxf-3.4.10-1.redhat_00001.1.el8eap.src.rpm
SHA-256: f946b61dcd4df48ee05d21cbd0865faa95d4d87e46b78330e40273aca5947562
eap7-wss4j-2.3.3-1.redhat_00001.1.el8eap.src.rpm
SHA-256: cf3f0979850637168b115c40867c231395ffd86b7d544f00c9d4163e1c27e6ee
eap7-xml-security-2.2.3-1.redhat_00001.1.el8eap.src.rpm
SHA-256: 5d5a7e85886c00a206569fa2c1bb9906a6cf7740186ac46a2ba474d984bd7d37
x86_64
eap7-apache-cxf-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 7227d91547176bb3b012b3accc3e24f95c4fd0e0be3319b7c7f05e4ded1f65a2
eap7-apache-cxf-rt-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 316a594876be519e24d3b9d6119d42453a85196e994300a1f65e6c4ef428de69
eap7-apache-cxf-services-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 31e640cbdf2db698422cf11f43861ae648faa16a0165fa8fc30d873f21719f5b
eap7-apache-cxf-tools-3.4.10-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 92adeb27cba1078506a0ecdf777a7447cb8be2fb59830e71073644a12fcdf45b
eap7-wss4j-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 1fd40cd49d069a3b971cf73be7a9de0759ed573fa7f744e6648890796ed6a213
eap7-wss4j-bindings-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: e516cee6f775667d61bd5f5a2ab85929ed4cab521d439a5b4878c44a4c9814c0
eap7-wss4j-policy-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 6d07dc1ef5172d29234b9eb70424ae22ba11ff66abb61fb56e211f8b19965477
eap7-wss4j-ws-security-common-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 55b2fb24b198d28a5e5e071061a265595299a56e5ba88b71f2ea16a418d35a46
eap7-wss4j-ws-security-dom-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 9254c93180521f416278af856e1141786f51390cc4a4c126b0dcf80f3f3db365
eap7-wss4j-ws-security-policy-stax-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 2c5a5c735fa832fc239f64b91f7a75298345abc97a07b7688300f9b5262bda11
eap7-wss4j-ws-security-stax-2.3.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 4b9e68a2169fcd5dd7a09def31092a6c583d8430fff9f84127911c49fa72de7c
eap7-xml-security-2.2.3-1.redhat_00001.1.el8eap.noarch.rpm
SHA-256: 5eaba0e2a88ddb836f348cc2422d7a24977ec218613937d76bd041ad089a50c9
JBoss Enterprise Application Platform 7.4 for RHEL 7
SRPM
eap7-apache-cxf-3.4.10-1.redhat_00001.1.el7eap.src.rpm
SHA-256: 4fa5b5056a866a17411bb0231b61d83182e9e86d670e5894ae93f444c888194d
eap7-wss4j-2.3.3-1.redhat_00001.1.el7eap.src.rpm
SHA-256: 29e5f7c222cffee43b6b0892872af16ba94db3eea16c4fb413b9ec4902d2796d
eap7-xml-security-2.2.3-1.redhat_00001.1.el7eap.src.rpm
SHA-256: 8d5d5acc21c4c9892ecc8595c4dfc39c19e53e0b682b2102c4c17ca2b6cfd0a9
x86_64
eap7-apache-cxf-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 3be516229e5d2d71b7b9a2b6e4105d9f7c1be1299a6dcbf38f018ad5986a6140
eap7-apache-cxf-rt-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 40c65a765f2a1afaad85f3fb531582081e3b5a9a62b2bd153d01b2534e1dfcf2
eap7-apache-cxf-services-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 20313ca0b71cc88a849b7027cabb716fedc68147f24da4a966403f25d33965eb
eap7-apache-cxf-tools-3.4.10-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: fd5a43649ae58f53a7122099f5ee406fb370d26c027201f066079873651cbedf
eap7-wss4j-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: b6d170bb3b689ef45f236c62267a4c9cee9e52b2c6b7ecb108bf8975a9a10f31
eap7-wss4j-bindings-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 96ee3c3ef594b8435bc0ba10a61bc0b3b85b4e925028a112479cf479b050e106
eap7-wss4j-policy-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 4fca3b4fc682da3fbb1a26b3165a3fad521c630aa8a9f9ad43703d414a58643f
eap7-wss4j-ws-security-common-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 914ae2744ce257f10325d44d4a7ef87394a2c3ba8e78f42f18ada3c5cd3869ed
eap7-wss4j-ws-security-dom-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 0073c6e7d42a5cf125ce04f5d4c07f60d3e5f90680426f50a9fc0578bdce3faf
eap7-wss4j-ws-security-policy-stax-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: ab93156b01c51b14a604be8de66f467652e22470f4be0fb2f2a9332c842ae6a0
eap7-wss4j-ws-security-stax-2.3.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 6c820afb104a85e93c255018233253b081d7dcee95bbd974696e45c3459866ba
eap7-xml-security-2.2.3-1.redhat_00001.1.el7eap.noarch.rpm
SHA-256: 1896e265bc7072842ef788f06c45c1bb230dd0110349a8b9b5b889adb3a02f37
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.
A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2012-5783: It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or su...
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25857: A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections. * CVE-2022-38749: A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remot...
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...
Red Hat Security Advisory 2023-1285-01 - Migration Toolkit for Runtimes 1.0.2 ZIP artifacts. Issues addressed include privilege escalation, server-side request forgery, and traversal vulnerabilities.
Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31690: A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system. * CVE-2022-41966: A flaw was found in the xstream package. This flaw allows an atta...
Red Hat Security Advisory 2023-1045-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, html injection, memory exhaustion, server-side request forgery, and traversal vulnerabilities.
Red Hat Security Advisory 2023-1049-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, html injection, memory exhaustion, open redirection, server-side request forgery, and traversal vulnerabilities.
Red Hat Security Advisory 2023-1043-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, html injection, memory exhaustion, server-side request forgery, and traversal vulnerabilities.
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modi...
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modi...
A new image is available for Red Hat Single Sign-On 7.6.2, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jque...
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. * CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. * CVE-2019-11358: A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modi...
Red Hat Security Advisory 2023-0553-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2023-0552-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2023-0556-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2023-0544-01 - This patch, Camel for Spring Boot 3.14.5 Patch 1, serves as a replacement for the previous release of Camel for Spring Boot 3.14.5 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. This release of Camel for Spring Boot includes CXF artifacts that were missing from the previous 3.14.5 release. Issues addressed include a server-side request forgery vulnerability.
A patch is now available for Camel for Spring Boot 3.14.5. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40149: jettison: parser crash by stackoverflow * CVE-2022-45693: jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos * CVE-2022-46363: Apache CXF: directory listing / code exfiltration * CVE...
Red Hat Security Advisory 2023-0483-01 - This asynchronous update patches Red Hat Fuse 7.11.1 on Karaf and Red Hat Fuse 7.11.1 on Spring Boot and several includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a server-side request forgery vulnerability.
A security update for Fuse 7.11.1 is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-36437: hazelcast: Hazelcast connection caching * CVE-2022-46363: Apache CXF: directory listing / code exfiltration * CVE-2022-46364: Apache CXF: SSRF Vulnerability
Red Hat Security Advisory 2023-0163-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
Red Hat Security Advisory 2023-0163-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
Red Hat Security Advisory 2023-0164-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a server-side request forgery vulnerability.
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46364: Apache CXF: SSRF Vulnerability
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.