Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-1973
Vulnerability from cvelistv5
Published
2024-11-07 10:01
Modified
2024-11-07 14:06
Severity ?
EPSS score ?
Summary
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7.4 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:06:28.900126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:06:43.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"defaultStatus": "unaffected",
"packageName": "undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
],
"defaultStatus": "unaffected",
"packageName": "undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9",
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
}
],
"datePublic": "2024-04-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T10:01:57.995Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:1674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"name": "RHSA-2024:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"name": "RHSA-2024:1676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"name": "RHSA-2024:1677",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"name": "RHSA-2024:2763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"name": "RHSA-2024:2764",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"name": "RHBZ#2185662",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Undertow: unrestricted request storage leads to memory exhaustion",
"x_redhatCweChain": "CWE-20: Improper Input Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1973",
"datePublished": "2024-11-07T10:01:57.995Z",
"dateReserved": "2023-04-10T23:29:16.249Z",
"dateUpdated": "2024-11-07T14:06:43.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-1973\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-11-07T10:15:05.400\",\"lastModified\":\"2024-11-08T19:01:03.880\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en el paquete Undertow. Mediante el uso de FormAuthenticationMechanism, un usuario malintencionado podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes manipuladas, lo que provocar\u00eda un error de falta de memoria en el servidor y agotar\u00eda su memoria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1674\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1675\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1676\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1677\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2763\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2764\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-1973\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2185662\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1973\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-07T14:06:28.900126Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-07T14:06:39.564Z\"}}], \"cna\": {\"title\": \"Undertow: unrestricted request storage leads to memory exhaustion\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el8eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el9eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9\", \"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.3.11-1.SP1_redhat_00001.1.el8eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap8-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9\", \"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.3.11-1.SP1_redhat_00001.1.el9eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap8-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-02-20T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-04-04T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-04-04T00:00:00+00:00\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:1674\", \"name\": \"RHSA-2024:1674\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1675\", \"name\": \"RHSA-2024:1675\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1676\", \"name\": \"RHSA-2024:1676\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1677\", \"name\": \"RHSA-2024:1677\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2763\", \"name\": \"RHSA-2024:2763\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2764\", \"name\": \"RHSA-2024:2764\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-1973\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2185662\", \"name\": \"RHBZ#2185662\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2024-11-07T10:01:57.995Z\"}, \"x_redhatCweChain\": \"CWE-20: Improper Input Validation\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-1973\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-07T14:06:43.345Z\", \"dateReserved\": \"2023-04-10T23:29:16.249Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-11-07T10:01:57.995Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024:1674
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1674",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1674.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:16+00:00",
"generator": {
"date": "2025-02-07T15:07:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1674",
"initial_release_date": "2024-04-04T15:23:51+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
RHSA-2024:1675
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1675",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1675.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:03+00:00",
"generator": {
"date": "2025-02-07T15:07:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1675",
"initial_release_date": "2024-04-04T15:23:50+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-grouping@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:1676
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1676",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1676.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:28+00:00",
"generator": {
"date": "2025-02-07T15:07:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1676",
"initial_release_date": "2024-04-04T15:23:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:1674
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1674",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1674.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:16+00:00",
"generator": {
"date": "2025-02-07T15:07:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1674",
"initial_release_date": "2024-04-04T15:23:51+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
RHSA-2024:2764
Vulnerability from csaf_redhat
Published
2024-05-08 14:25
Modified
2024-12-31 03:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2764",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2764.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2024-12-31T03:12:21+00:00",
"generator": {
"date": "2024-12-31T03:12:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.4"
}
},
"id": "RHSA-2024:2764",
"initial_release_date": "2024-05-08T14:25:09+00:00",
"revision_history": [
{
"date": "2024-05-08T14:25:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:25:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-31T03:12:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
rhsa-2024:2764
Vulnerability from csaf_redhat
Published
2024-05-08 14:25
Modified
2024-12-31 03:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2764",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2764.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2024-12-31T03:12:21+00:00",
"generator": {
"date": "2024-12-31T03:12:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.4"
}
},
"id": "RHSA-2024:2764",
"initial_release_date": "2024-05-08T14:25:09+00:00",
"revision_history": [
{
"date": "2024-05-08T14:25:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:25:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-31T03:12:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
RHSA-2024:1676
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1676",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1676.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:28+00:00",
"generator": {
"date": "2025-02-07T15:07:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1676",
"initial_release_date": "2024-04-04T15:23:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
RHSA-2024:2763
Vulnerability from csaf_redhat
Published
2024-05-08 14:17
Modified
2024-12-31 03:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2763",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2763.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2024-12-31T03:12:32+00:00",
"generator": {
"date": "2024-12-31T03:12:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.4"
}
},
"id": "RHSA-2024:2763",
"initial_release_date": "2024-05-08T14:17:10+00:00",
"revision_history": [
{
"date": "2024-05-08T14:17:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:17:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-31T03:12:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product_id": "Red Hat JBoss Enterprise Application Platform 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
rhsa-2024:1675
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1675",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1675.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:03+00:00",
"generator": {
"date": "2025-02-07T15:07:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1675",
"initial_release_date": "2024-04-04T15:23:50+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-grouping@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024_2763
Vulnerability from csaf_redhat
Published
2024-05-08 14:17
Modified
2024-12-31 03:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2763",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2763.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2024-12-31T03:12:32+00:00",
"generator": {
"date": "2024-12-31T03:12:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.4"
}
},
"id": "RHSA-2024:2763",
"initial_release_date": "2024-05-08T14:17:10+00:00",
"revision_history": [
{
"date": "2024-05-08T14:17:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:17:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-31T03:12:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product_id": "Red Hat JBoss Enterprise Application Platform 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
rhsa-2024_1677
Vulnerability from csaf_redhat
Published
2024-04-04 15:22
Modified
2025-01-06 19:40
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1677",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1677.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-01-06T19:40:11+00:00",
"generator": {
"date": "2025-01-06T19:40:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.5"
}
},
"id": "RHSA-2024:1677",
"initial_release_date": "2024-04-04T15:22:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:22:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-05T10:53:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-06T19:40:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
RHSA-2024:1677
Vulnerability from csaf_redhat
Published
2024-04-04 15:22
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1677",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1677.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:41+00:00",
"generator": {
"date": "2025-02-07T15:07:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1677",
"initial_release_date": "2024-04-04T15:22:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:22:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-05T10:53:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:2763
Vulnerability from csaf_redhat
Published
2024-05-08 14:17
Modified
2024-12-31 03:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2763",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2763.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2024-12-31T03:12:32+00:00",
"generator": {
"date": "2024-12-31T03:12:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.4"
}
},
"id": "RHSA-2024:2763",
"initial_release_date": "2024-05-08T14:17:10+00:00",
"revision_history": [
{
"date": "2024-05-08T14:17:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:17:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-31T03:12:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product_id": "Red Hat JBoss Enterprise Application Platform 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:17:10+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
rhsa-2024_1676
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-01-06 19:39
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1676",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1676.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-01-06T19:39:59+00:00",
"generator": {
"date": "2025-01-06T19:39:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.5"
}
},
"id": "RHSA-2024:1676",
"initial_release_date": "2024-04-04T15:23:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-06T19:39:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el9eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"known_not_affected": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024:1677
Vulnerability from csaf_redhat
Published
2024-04-04 15:22
Modified
2025-02-07 15:07
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1677",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=7.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1677.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-02-07T15:07:41+00:00",
"generator": {
"date": "2025-02-07T15:07:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.3.0"
}
},
"id": "RHSA-2024:1677",
"initial_release_date": "2024-04-04T15:22:45+00:00",
"revision_history": [
{
"date": "2024-04-04T15:22:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-05T10:53:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-02-07T15:07:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:22:45+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied.\nAlso, back up your existing installation, including all applications, configuration files, databases and database settings.\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024_1675
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-01-06 19:39
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1675",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1675.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-01-06T19:39:37+00:00",
"generator": {
"date": "2025-01-06T19:39:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.5"
}
},
"id": "RHSA-2024:1675",
"initial_release_date": "2024-04-04T15:23:50+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-06T19:39:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-grouping@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el8eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"known_not_affected": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:50+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-grouping-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
rhsa-2024_2764
Vulnerability from csaf_redhat
Published
2024-05-08 14:25
Modified
2024-12-31 03:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)
* undertow: Directory traversal vulnerability (CVE-2024-1459)
* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* undertow: Directory traversal vulnerability (CVE-2024-1459)\n* undertow: Unrestricted request storage leads to memory exhaustion (CVE-2023-1973)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2764",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2764.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update",
"tracking": {
"current_release_date": "2024-12-31T03:12:21+00:00",
"generator": {
"date": "2024-12-31T03:12:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.4"
}
},
"id": "RHSA-2024:2764",
"initial_release_date": "2024-05-08T14:25:09+00:00",
"revision_history": [
{
"date": "2024-05-08T14:25:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-08T14:25:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-31T03:12:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-undertow@2.3.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-08T14:25:09+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el8eap.src",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-undertow-0:2.3.11-1.SP1_redhat_00001.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
}
]
}
rhsa-2024_1674
Vulnerability from csaf_redhat
Published
2024-04-04 15:23
Modified
2025-01-06 19:39
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)
* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)
* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.16 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.15, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.16 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing [eap-7.4.z] (CVE-2023-4639)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [eap-7.4.z] (CVE-2023-48795)\n\n* undertow: unrestricted request storage leads to memory exhaustion [eap-7.4.z] (CVE-2023-1973)\n\n* undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol [eap-7.4.z] (CVE-2024-1635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1674",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"category": "external",
"summary": "2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "JBEAP-19969",
"url": "https://issues.redhat.com/browse/JBEAP-19969"
},
{
"category": "external",
"summary": "JBEAP-26168",
"url": "https://issues.redhat.com/browse/JBEAP-26168"
},
{
"category": "external",
"summary": "JBEAP-26280",
"url": "https://issues.redhat.com/browse/JBEAP-26280"
},
{
"category": "external",
"summary": "JBEAP-26291",
"url": "https://issues.redhat.com/browse/JBEAP-26291"
},
{
"category": "external",
"summary": "JBEAP-26318",
"url": "https://issues.redhat.com/browse/JBEAP-26318"
},
{
"category": "external",
"summary": "JBEAP-26343",
"url": "https://issues.redhat.com/browse/JBEAP-26343"
},
{
"category": "external",
"summary": "JBEAP-26355",
"url": "https://issues.redhat.com/browse/JBEAP-26355"
},
{
"category": "external",
"summary": "JBEAP-26414",
"url": "https://issues.redhat.com/browse/JBEAP-26414"
},
{
"category": "external",
"summary": "JBEAP-26467",
"url": "https://issues.redhat.com/browse/JBEAP-26467"
},
{
"category": "external",
"summary": "JBEAP-26533",
"url": "https://issues.redhat.com/browse/JBEAP-26533"
},
{
"category": "external",
"summary": "JBEAP-26552",
"url": "https://issues.redhat.com/browse/JBEAP-26552"
},
{
"category": "external",
"summary": "JBEAP-26587",
"url": "https://issues.redhat.com/browse/JBEAP-26587"
},
{
"category": "external",
"summary": "JBEAP-26616",
"url": "https://issues.redhat.com/browse/JBEAP-26616"
},
{
"category": "external",
"summary": "JBEAP-26617",
"url": "https://issues.redhat.com/browse/JBEAP-26617"
},
{
"category": "external",
"summary": "JBEAP-26636",
"url": "https://issues.redhat.com/browse/JBEAP-26636"
},
{
"category": "external",
"summary": "JBEAP-26660",
"url": "https://issues.redhat.com/browse/JBEAP-26660"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1674.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.16 Security update",
"tracking": {
"current_release_date": "2025-01-06T19:39:48+00:00",
"generator": {
"date": "2025-01-06T19:39:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.5"
}
},
"id": "RHSA-2024:1674",
"initial_release_date": "2024-04-04T15:23:51+00:00",
"revision_history": [
{
"date": "2024-04-04T15:23:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-04T15:23:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-01-06T19:39:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.4-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-3.SP3_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.3.202401111512-1.r_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-18.redhat_00052.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.22-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-35.Final_redhat_00034.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.36-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.30-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.27-4.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.12-1.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-insights-java-client@1.1.2-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-analyzers-common@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-backward-codecs@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-core@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-facet@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-misc@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queries@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-queryparser@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_id": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-lucene-solr@5.5.5-6.redhat_2.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-annotations-api_1.3_spec@2.0.1-3.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.16-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-cert-helper-debuginfo@1.1.2-1.redhat_00001.1.el7eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src"
},
"product_reference": "eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2185662"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: unrestricted request storage leads to memory exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"category": "external",
"summary": "RHBZ#2185662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1973"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: unrestricted request storage leads to memory exhaustion"
},
{
"acknowledgments": [
{
"names": [
"Ankur Sundara"
]
}
],
"cve": "CVE-2023-4639",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2023-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2166022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Cookie Smuggling/Spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4639"
},
{
"category": "external",
"summary": "RHBZ#2166022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: Cookie Smuggling/Spoofing"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"discovery_date": "2023-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2254210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "RHBZ#2254210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/7071748",
"url": "https://access.redhat.com/solutions/7071748"
},
{
"category": "external",
"summary": "https://terrapin-attack.com/",
"url": "https://terrapin-attack.com/"
}
],
"release_date": "2023-12-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)"
},
{
"acknowledgments": [
{
"names": [
"AAIB IT Unix Team"
]
}
],
"cve": "CVE-2024-1459",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2024-01-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2259475"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: directory traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1459"
},
{
"category": "external",
"summary": "RHBZ#2259475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459"
}
],
"release_date": "2024-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: directory traversal vulnerability"
},
{
"cve": "CVE-2024-1635",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2264928"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. \r\n\r\nAt HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as Important due to the fact that this might be an unauthenticated remote issue exploited by a malicious user, causing a denial of service (DoS) to the affected server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1635"
},
{
"category": "external",
"summary": "RHBZ#2264928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1635"
}
],
"release_date": "2023-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-04T15:23:51+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this vulnerability. However, there might be some protections, such as request limits by a load balancer in front of JBoss EAP/Wildfly or even Undertow, that could minimize the impact.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-18.redhat_00052.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-18.redhat_00052.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.4.10-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.4.10-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-eclipse-jgit-0:5.13.3.202401111512-1.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.4-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-0:5.3.36-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.36-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-insights-java-client-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-3.SP3_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-3.SP3_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-annotations-api_1.3_spec-0:2.0.1-3.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-cert-helper-debuginfo-0:1.1.2-1.redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.27-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-35.Final_redhat_00034.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-35.Final_redhat_00034.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.12-1.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-lucene-analyzers-common-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-backward-codecs-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-core-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-facet-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-misc-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queries-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-queryparser-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-lucene-solr-0:5.5.5-6.redhat_2.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-undertow-0:2.2.30-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.4-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.16-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.22-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.22-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.16-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol"
}
]
}
WID-SEC-W-2024-1084
Vulnerability from csaf_certbund
Published
2024-05-09 22:00
Modified
2024-06-13 22:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1084 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1084.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1084 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1084"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2763 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2764 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "external",
"summary": "RedHat Security Advisory",
"url": "https://access.redhat.com/errata/RHSA-2024:3919"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-13T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:08:45.714+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1084",
"initial_release_date": "2024-05-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "T035142",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c8.0",
"product_id": "T034675"
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035142"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1973"
},
{
"cve": "CVE-2023-4639",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035142"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4639"
},
{
"cve": "CVE-2024-1459",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035142"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-1459"
}
]
}
wid-sec-w-2024-1084
Vulnerability from csaf_certbund
Published
2024-05-09 22:00
Modified
2024-06-13 22:00
Summary
Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1084 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1084.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1084 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1084"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2763 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2764 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"category": "external",
"summary": "RedHat Security Advisory",
"url": "https://access.redhat.com/errata/RHSA-2024:3919"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-13T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:08:45.714+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1084",
"initial_release_date": "2024-05-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "T035142",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c8.0",
"product_id": "T034675"
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1973",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035142"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-1973"
},
{
"cve": "CVE-2023-4639",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035142"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2023-4639"
},
{
"cve": "CVE-2024-1459",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform. Diese Fehler bestehen in der Undertow-Komponente aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung, eines HTTP-Request-Schmuggels und eines Path-Traversal-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszul\u00f6sen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035142"
]
},
"release_date": "2024-05-09T22:00:00.000+00:00",
"title": "CVE-2024-1459"
}
]
}
gsd-2023-1973
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-1973",
"id": "GSD-2023-1973"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-1973"
],
"id": "GSD-2023-1973",
"modified": "2023-12-13T01:20:41.594867Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-1973",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
ghsa-97cq-f4jm-mv8h
Vulnerability from github
Published
2024-11-07 12:30
Modified
2024-11-07 18:10
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.6 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
6.6 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Summary
Undertow Denial of Service vulnerability
Details
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.32.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "io.undertow:undertow-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0.Alpha1"
},
{
"fixed": "2.3.13.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1973"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-11-07T18:10:18Z",
"nvd_published_at": "2024-11-07T10:15:05Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory.",
"id": "GHSA-97cq-f4jm-mv8h",
"modified": "2024-11-07T18:10:18Z",
"published": "2024-11-07T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973"
},
{
"type": "WEB",
"url": "https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258"
},
{
"type": "WEB",
"url": "https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
},
{
"type": "PACKAGE",
"url": "https://github.com/undertow-io/undertow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Undertow Denial of Service vulnerability"
}
fkie_cve-2023-1973
Vulnerability from fkie_nvd
Published
2024-11-07 10:15
Modified
2024-11-08 19:01
Severity ?
Summary
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server\u0027s memory."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el paquete Undertow. Mediante el uso de FormAuthenticationMechanism, un usuario malintencionado podr\u00eda provocar una denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes manipuladas, lo que provocar\u00eda un error de falta de memoria en el servidor y agotar\u00eda su memoria."
}
],
"id": "CVE-2023-1973",
"lastModified": "2024-11-08T19:01:03.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Primary"
}
]
},
"published": "2024-11-07T10:15:05.400",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1674"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1675"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1676"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1677"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:2763"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:2764"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2023-1973"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.