{"id":"RHSA-2018:2276","summary":"Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1 security update","modified":"2026-03-18T11:30:25.905554Z","published":"2024-09-13T19:49:45Z","upstream":["CVE-2018-10862","CVE-2018-8039"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2276"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1593527"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595332"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2276.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-8039"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-8039"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8039"},{"type":"ARTICLE","url":"http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-10862"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-10862"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10862"},{"type":"ARTICLE","url":"https://snyk.io/research/zip-slip-vulnerability"}],"affected":[{"package":{"name":"eap7-apache-cxf","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-apache-cxf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-apache-cxf-rt","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-apache-cxf-rt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-apache-cxf-services","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-apache-cxf-services"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-apache-cxf-tools","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-apache-cxf-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wildfly","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wildfly"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.3-4.GA_redhat_3.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wildfly-modules","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wildfly-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.3-4.GA_redhat_3.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wss4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-bindings","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wss4j-bindings"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-policy","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wss4j-policy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-common","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-dom","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-dom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-policy-stax","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-stax","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-stax"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-xml-security","ecosystem":"Red Hat:jboss_enterprise_application_platform:7::el6","purl":"pkg:rpm/redhat/eap7-xml-security"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.10-1.redhat_1.1.ep7.el6"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-apache-cxf","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-apache-cxf-rt","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf-rt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-apache-cxf-services","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf-services"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-apache-cxf-tools","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-apache-cxf-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.16-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wildfly","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wildfly"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.3-4.GA_redhat_3.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wildfly-modules","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wildfly-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.3-4.GA_redhat_3.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wss4j"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-bindings","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wss4j-bindings"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-policy","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wss4j-policy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-common","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-dom","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-dom"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-policy-stax","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-policy-stax"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-wss4j-ws-security-stax","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-wss4j-ws-security-stax"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.1.12-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}},{"package":{"name":"eap7-xml-security","ecosystem":"Red Hat:jboss_enterprise_application_platform:7.1::el7","purl":"pkg:rpm/redhat/eap7-xml-security"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.10-1.redhat_1.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2018:2276.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"}]}