RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7 (Moderate) (RHSA-2022:4918)

critical Nessus Plugin ID 161911

Synopsis

The remote Red Hat host is missing one or more security updates for Red Hat JBoss Enterprise Application Platform 7.4.5.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4918 advisory.

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)

* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)

* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)

* h2: Remote Code Execution in Console (CVE-2021-42392)

* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)

* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)

* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)

* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)

* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)

* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)

* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Red Hat JBoss Enterprise Application Platform 7.4.5 package based on the guidance in RHSA-2022:4918.

See Also

http://www.nessus.org/u?1e3734e9

http://www.nessus.org/u?327e7d12

http://www.nessus.org/u?95a15247

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2022:4918

https://bugzilla.redhat.com/show_bug.cgi?id=2004133

https://bugzilla.redhat.com/show_bug.cgi?id=2004135

https://bugzilla.redhat.com/show_bug.cgi?id=2031958

https://bugzilla.redhat.com/show_bug.cgi?id=2039403

https://bugzilla.redhat.com/show_bug.cgi?id=2041472

https://bugzilla.redhat.com/show_bug.cgi?id=2044596

https://bugzilla.redhat.com/show_bug.cgi?id=2047200

https://bugzilla.redhat.com/show_bug.cgi?id=2047343

https://bugzilla.redhat.com/show_bug.cgi?id=2060725

https://bugzilla.redhat.com/show_bug.cgi?id=2060929

https://bugzilla.redhat.com/show_bug.cgi?id=2063601

https://bugzilla.redhat.com/show_bug.cgi?id=2064226

https://bugzilla.redhat.com/show_bug.cgi?id=2064698

https://bugzilla.redhat.com/show_bug.cgi?id=2072009

https://bugzilla.redhat.com/show_bug.cgi?id=2073890

https://issues.redhat.com/browse/JBEAP-23120

https://issues.redhat.com/browse/JBEAP-23171

https://issues.redhat.com/browse/JBEAP-23194

https://issues.redhat.com/browse/JBEAP-23241

https://issues.redhat.com/browse/JBEAP-23299

https://issues.redhat.com/browse/JBEAP-23300

https://issues.redhat.com/browse/JBEAP-23312

https://issues.redhat.com/browse/JBEAP-23313

https://issues.redhat.com/browse/JBEAP-23336

https://issues.redhat.com/browse/JBEAP-23338

https://issues.redhat.com/browse/JBEAP-23339

https://issues.redhat.com/browse/JBEAP-23351

https://issues.redhat.com/browse/JBEAP-23353

https://issues.redhat.com/browse/JBEAP-23429

https://issues.redhat.com/browse/JBEAP-23432

https://issues.redhat.com/browse/JBEAP-23451

https://issues.redhat.com/browse/JBEAP-23531

https://issues.redhat.com/browse/JBEAP-23532

Plugin Details

Severity: Critical

ID: 161911

File Name: redhat-RHSA-2022-4918.nasl

Version: 1.11

Type: local

Agent: unix

Published: 6/6/2022

Updated: 11/7/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-23221

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:eap7-netty, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx, p-cpe:/a:redhat:enterprise_linux:eap7-h2database, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis, p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal, p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos, p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns, p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml, p-cpe:/a:redhat:enterprise_linux:eap7-xerces-j2, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler, p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue, p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt, p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-xnio-base, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec, p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client, p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector, p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks, p-cpe:/a:redhat:enterprise_linux:eap7-netty-common, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server, p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-netty-all, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server, p-cpe:/a:redhat:enterprise_linux:eap7-hal-console, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/6/2022

Vulnerability Publication Date: 10/19/2021

Reference Information

CVE: CVE-2020-36518, CVE-2021-37136, CVE-2021-37137, CVE-2021-42392, CVE-2021-43797, CVE-2022-0084, CVE-2022-0853, CVE-2022-0866, CVE-2022-1319, CVE-2022-21299, CVE-2022-21363, CVE-2022-23221, CVE-2022-23437, CVE-2022-23913, CVE-2022-24785

CWE: 1220, 22, 252, 280, 400, 401, 444, 502, 770, 835

RHSA: 2022:4918