QID 240508
Date Published: 2022-07-04
QID 240508: Red Hat Update for JBoss Enterprise Application Platform 6.4.2 (RHSA-2022:5459)
Red Hat jboss enterprise application platform 6 is a platform for java applications based on the wildfly application runtime.
Security Fix(es):- tomcat: multiple requests with invalid payload length in a websocket frame could lead to dos (cve-2020-13935)
- jbossweb: incomplete fix of cve-2020-13935 for websocket in jbossweb could lead to dos (cve-2020-14384)
- log4j: sql injection in log4j 1.x when application is configured to use jdbcappender (cve-2022-23305)
- log4j: unsafe deserialization flaw in chainsaw log viewer (cve-2022-23307)
- log4j: remote code execution in log4j 1.x when application is configured to use jmsappender (cve-2021-4104)
- log4j: remote code execution in log4j 1.x when application is configured to use jmssink (cve-2022-23302)
Affected Products:
- jboss enterprise application platform 6.4 for rhel 6 x86_64
- jboss enterprise application platform 6.4 for rhel 6 ppc64
- jboss enterprise application platform 6.4 for rhel 6 i386
- jboss enterprise application platform 6 for rhel 6 x86_64
- jboss enterprise application platform 6 for rhel 6 ppc64
- jboss enterprise application platform 6 for rhel 6 i386
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:5459 for updates and patch information.
Vendor References
- RHSA-2022:5459 -
access.redhat.com/errata/RHSA-2022:5459
CVEs related to QID 240508
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2022:5459 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2022:5459 |