{"id":"RHSA-2024:5856","summary":"Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.7 on RHEL 7 security update","modified":"2026-04-02T10:10:06Z","published":"2024-09-29T18:52:22Z","upstream":["CVE-2019-10086","CVE-2019-10174","CVE-2019-12384","CVE-2019-14379","CVE-2019-14843","CVE-2019-14888","CVE-2019-16869","CVE-2019-17531","CVE-2019-20444","CVE-2019-20445","CVE-2019-9511","CVE-2019-9512","CVE-2019-9514","CVE-2019-9515","CVE-2020-1710","CVE-2020-1745","CVE-2020-1757","CVE-2021-4104","CVE-2022-23302","CVE-2022-23305","CVE-2022-23307"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703469"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725807"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735645"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735744"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737517"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752770"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752980"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1758619"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1767483"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772464"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1775293"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1793970"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798509"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1798524"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807305"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031667"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041949"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041959"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041967"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/JBEAP-24826"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5856.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-9511"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-9511"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511"},{"type":"ARTICLE","url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"type":"ARTICLE","url":"https://kb.cert.org/vuls/id/605641/"},{"type":"ARTICLE","url":"https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/"},{"type":"ARTICLE","url":"https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-9512"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-9512"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9512"},{"type":"ARTICLE","url":"https://groups.google.com/forum/#!topic/golang-announce/65QixT3tcmg"},{"type":"ARTICLE","url":"https://groups.google.com/forum/#!topic/kubernetes-security-announce/wlHLHit1BqA"},{"type":"ARTICLE","url":"https://www.mail-archive.com/grpc-io@googlegroups.com/msg06408.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-9514"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-9514"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9514"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-9515"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-9515"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9515"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-10086"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-10086"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10086"},{"type":"ARTICLE","url":"https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-10174"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-10174"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10174"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-12384"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-12384"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12384"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-14379"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-14379"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14379"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-14843"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-14843"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14843"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-14888"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-14888"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14888"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-16869"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-16869"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16869"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-17531"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-17531"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17531"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-20444"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-20444"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20444"},{"type":"ARTICLE","url":"https://github.com/elastic/elasticsearch/issues/49396"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-20445"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-20445"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20445"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-1710"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2020-1710"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1710"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-1745"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2020-1745"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1745"},{"type":"ARTICLE","url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"},{"type":"ARTICLE","url":"https://www.cnvd.org.cn/webinfo/show/5415"},{"type":"ARTICLE","url":"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-1757"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2020-1757"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1757"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-4104"},{"type":"ARTICLE","url":"https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-4104"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4104"},{"type":"ARTICLE","url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"},{"type":"ARTICLE","url":"https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2021/12/13/1"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-23302"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-23302"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23302"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2022/01/18/3"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-23305"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-23305"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23305"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2022/01/18/4"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-23307"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-23307"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23307"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2022/01/18/5"}],"affected":[{"package":{"name":"eap7-apache-commons-beanutils","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-apache-commons-beanutils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.4-1.redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-infinispan","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-infinispan"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.11-1.SP2_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-infinispan-cachestore-jdbc","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.11-1.SP2_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-infinispan-cachestore-remote","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-infinispan-cachestore-remote"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.11-1.SP2_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-infinispan-client-hotrod","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-infinispan-client-hotrod"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.11-1.SP2_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-infinispan-commons","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-infinispan-commons"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.11-1.SP2_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-infinispan-core","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-infinispan-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.11-1.SP2_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-jackson-databind","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-jackson-databind"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.11.5-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-log4j-jboss-logmanager","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-log4j-jboss-logmanager"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.2-1.Final_redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-netty","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-netty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.1.45-1.Final_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-netty-all","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-netty-all"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.1.45-1.Final_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-undertow","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-undertow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.18-12.SP12_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-wildfly","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-wildfly"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.7-2.GA_redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-wildfly-elytron","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-wildfly-elytron"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.13-1.Final_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}},{"package":{"name":"eap7-wildfly-modules","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-wildfly-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.7-2.GA_redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2024:5856.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}