RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2512)

Severity: Critical. Nessus Plugin ID: 137333

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2512 advisory.

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* cxf: reflected XSS in the services listing page (CVE-2019-17573)

* cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)

* jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

* resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

* cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

* smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current thread's context class loader (CVE-2020-1729)

* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

* libthrift: thrift: Endless loop when fed with specific input data (CVE-2019-0205)

* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

* wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)

* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)

* jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://issues.redhat.com/browse/JBEAP-18060

https://issues.redhat.com/browse/JBEAP-18163

https://issues.redhat.com/browse/JBEAP-18221

https://issues.redhat.com/browse/JBEAP-18240

https://issues.redhat.com/browse/JBEAP-18241

https://issues.redhat.com/browse/JBEAP-18273

https://issues.redhat.com/browse/JBEAP-18277

https://issues.redhat.com/browse/JBEAP-18288

https://issues.redhat.com/browse/JBEAP-18294

https://issues.redhat.com/browse/JBEAP-18302

https://issues.redhat.com/browse/JBEAP-18315

https://issues.redhat.com/browse/JBEAP-18346

https://issues.redhat.com/browse/JBEAP-18352

https://issues.redhat.com/browse/JBEAP-18361

https://issues.redhat.com/browse/JBEAP-18367

https://issues.redhat.com/browse/JBEAP-18393

https://issues.redhat.com/browse/JBEAP-18398

https://issues.redhat.com/browse/JBEAP-18409

https://issues.redhat.com/browse/JBEAP-18527

https://issues.redhat.com/browse/JBEAP-18528

https://issues.redhat.com/browse/JBEAP-18596

https://issues.redhat.com/browse/JBEAP-18598

https://issues.redhat.com/browse/JBEAP-18640

https://issues.redhat.com/browse/JBEAP-18653

https://issues.redhat.com/browse/JBEAP-18706

https://issues.redhat.com/browse/JBEAP-18770

https://issues.redhat.com/browse/JBEAP-18775

https://issues.redhat.com/browse/JBEAP-18788

https://issues.redhat.com/browse/JBEAP-18790

https://issues.redhat.com/browse/JBEAP-18818

https://issues.redhat.com/browse/JBEAP-18836

https://issues.redhat.com/browse/JBEAP-18850

https://issues.redhat.com/browse/JBEAP-18870

http://www.nessus.org/u?34e23b20

http://www.nessus.org/u?39676da8

http://www.nessus.org/u?a8e76935

https://access.redhat.com/errata/RHSA-2020:2512

https://bugzilla.redhat.com/show_bug.cgi?id=1607709

https://bugzilla.redhat.com/show_bug.cgi?id=1715075

https://bugzilla.redhat.com/show_bug.cgi?id=1730462

https://bugzilla.redhat.com/show_bug.cgi?id=1752770

https://bugzilla.redhat.com/show_bug.cgi?id=1764607

https://bugzilla.redhat.com/show_bug.cgi?id=1764612

https://bugzilla.redhat.com/show_bug.cgi?id=1772008

https://bugzilla.redhat.com/show_bug.cgi?id=1797006

https://bugzilla.redhat.com/show_bug.cgi?id=1797011

https://bugzilla.redhat.com/show_bug.cgi?id=1801380

https://bugzilla.redhat.com/show_bug.cgi?id=1802444

https://bugzilla.redhat.com/show_bug.cgi?id=1805006

https://bugzilla.redhat.com/show_bug.cgi?id=1807305

https://bugzilla.redhat.com/show_bug.cgi?id=1814974

https://bugzilla.redhat.com/show_bug.cgi?id=1816330

https://bugzilla.redhat.com/show_bug.cgi?id=1816332

https://bugzilla.redhat.com/show_bug.cgi?id=1816337

https://bugzilla.redhat.com/show_bug.cgi?id=1816340

https://bugzilla.redhat.com/show_bug.cgi?id=1828459

https://issues.redhat.com/browse/JBEAP-16114

https://issues.redhat.com/browse/JBEAP-18875

https://issues.redhat.com/browse/JBEAP-18876

https://issues.redhat.com/browse/JBEAP-18877

https://issues.redhat.com/browse/JBEAP-18878

https://issues.redhat.com/browse/JBEAP-18879

https://issues.redhat.com/browse/JBEAP-18929

https://issues.redhat.com/browse/JBEAP-18990

https://issues.redhat.com/browse/JBEAP-18991

https://issues.redhat.com/browse/JBEAP-19035

https://issues.redhat.com/browse/JBEAP-19054

https://issues.redhat.com/browse/JBEAP-19066

https://issues.redhat.com/browse/JBEAP-19117

https://issues.redhat.com/browse/JBEAP-19133

https://issues.redhat.com/browse/JBEAP-19156

https://issues.redhat.com/browse/JBEAP-19181

https://issues.redhat.com/browse/JBEAP-19192

https://issues.redhat.com/browse/JBEAP-19232

https://issues.redhat.com/browse/JBEAP-19281

https://issues.redhat.com/browse/JBEAP-19456

https://access.redhat.com/security/updates/classification/#important

Plugin Details

Severity: Critical

ID: 137333

File Name: redhat-RHSA-2020-2512.nasl

Version: 1.12

Type: local

Agent: unix

Published: 6/11/2020

Updated: 11/7/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-8840

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-9548

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-vfs, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xmlsec-impl, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jsf-api_2.3_spec, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations, p-cpe:/a:redhat:enterprise_linux:eap7-jaxb-xjc, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-weld-3.1-api, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-config, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-security-api, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-jaxb-runtime, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly16.0-server, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jaxb, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote, p-cpe:/a:redhat:enterprise_linux:eap7-jaegertracing-jaeger-client-java, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-opentracing, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-security-impl, p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol, 
p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools, p-cpe:/a:redhat:enterprise_linux:eap7-weld-web, p-cpe:/a:redhat:enterprise_linux:eap7-jaegertracing-jaeger-client-java-core, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions, p-cpe:/a:redhat:enterprise_linux:eap7-picketbox, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.3, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-stax, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli, p-cpe:/a:redhat:enterprise_linux:eap7-relaxng-datatype, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-config-api, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-config, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-opentracing-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-soap-api, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-istack-commons-tools, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-genericjms, 
p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-metrics-api, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-providers, p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-profile-api, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j, p-cpe:/a:redhat:enterprise_linux:eap7-istack-commons-runtime, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-saml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly18.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-rest-client-api, p-cpe:/a:redhat:enterprise_linux:eap7-cryptacular, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-woodstox-core, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-health, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client, 
p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xmlsec-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-policy-stax, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2-to-eap7.3, p-cpe:/a:redhat:enterprise_linux:eap7-jasypt, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly17.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-core, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-pkix, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-saml-api, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8, p-cpe:/a:redhat:enterprise_linux:eap7-codemodel, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client-microprofile, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-opentracing, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4, p-cpe:/a:redhat:enterprise_linux:eap7-txw2, p-cpe:/a:redhat:enterprise_linux:eap7-sun-istack-commons, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting-jmx, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle, p-cpe:/a:redhat:enterprise_linux:eap7-rngom, p-cpe:/a:redhat:enterprise_linux:eap7-xsom, 
p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations, p-cpe:/a:redhat:enterprise_linux:eap7-jandex, p-cpe:/a:redhat:enterprise_linux:eap7-stax2-api, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly15.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.3-server, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-saml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-rest-client, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-common, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base, p-cpe:/a:redhat:enterprise_linux:eap7-hal-console, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-metrics, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, 
p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool, p-cpe:/a:redhat:enterprise_linux:eap7-undertow-server, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-weld-3.1-api-weld-spi, p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-saml-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-dom, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-prov, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-mail, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-weld-3.1-api-weld-api, p-cpe:/a:redhat:enterprise_linux:eap7-jaxb-jxc, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-naming-client, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-metrics, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-policy, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core, p-cpe:/a:redhat:enterprise_linux:eap7-elytron-web, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-health, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services, p-cpe:/a:redhat:enterprise_linux:eap7-jakarta-el, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf, 
p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client, p-cpe:/a:redhat:enterprise_linux:eap7-jaegertracing-jaeger-client-java-thrift, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector, p-cpe:/a:redhat:enterprise_linux:eap7-slf4j-jboss-logmanager, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-modules

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/11/2020

Vulnerability Publication Date: 7/18/2018

Reference Information

CVE: CVE-2018-14371, CVE-2019-0205, CVE-2019-0210, CVE-2019-10172, CVE-2019-12423, CVE-2019-14887, CVE-2019-17573, CVE-2020-10688, CVE-2020-10705, CVE-2020-10719, CVE-2020-1695, CVE-2020-1719, CVE-2020-1729, CVE-2020-1745, CVE-2020-1757, CVE-2020-6950, CVE-2020-7226, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548

CWE: 125, 20, 200, 22, 270, 285, 400, 444, 502, 522, 611, 757, 770, 79, 863

IAVA: 2020-A-0019, 2020-A-0324, 2020-A-0326

RHSA: 2020:2512