First published: Mon Jul 31 2017(Updated: )
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.<br>This release of Red Hat JBoss Enterprise Application Platform 7.0.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.6, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.<br>Security Fix(es):<br><li> A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)</li> <li> It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the JMS ObjectMessage. (CVE-2016-4978)</li> Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-activemq-artemis | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-glassfish-jsf | <2.2.12-2.SP4_redhat_1.1.ep7.el6 | 2.2.12-2.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate | <5.0.14-1.Final_redhat_1.1.ep7.el6 | 5.0.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jackson-databind | <2.5.4-2.redhat_2.1.ep7.el6 | 2.5.4-2.redhat_2.1.ep7.el6 |
redhat/eap7-jboss-modules | <1.5.4-1.Final_redhat_1.1.ep7.el6 | 1.5.4-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-remoting | <4.0.23-1.Final_redhat_1.1.ep7.el6 | 4.0.23-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-xnio-base | <3.4.6-1.Final_redhat_1.1.ep7.el6 | 3.4.6-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-wildfly | <7.0.7-4.GA_redhat_3.1.ep7.el6 | 7.0.7-4.GA_redhat_3.1.ep7.el6 |
redhat/eap7-wildfly-javadocs | <7.0.7-3.GA_redhat_4.1.ep7.el6 | 7.0.7-3.GA_redhat_4.1.ep7.el6 |
redhat/eap7-wildfly-web-console-eap | <2.8.30-1.Final_redhat_1.1.ep7.el6 | 2.8.30-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-cli | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-commons | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-core-client | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-dto | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-hornetq-protocol | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-hqclient-protocol | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-jms-client | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-jms-server | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-journal | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-native | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-ra | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-selector | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-server | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-activemq-artemis-service-extensions | <1.1.0-18.SP21_redhat_1.1.ep7.el6 | 1.1.0-18.SP21_redhat_1.1.ep7.el6 |
redhat/eap7-glassfish-jsf | <2.2.12-2.SP4_redhat_1.1.ep7.el6 | 2.2.12-2.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate | <5.0.14-1.Final_redhat_1.1.ep7.el6 | 5.0.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate-core | <5.0.14-1.Final_redhat_1.1.ep7.el6 | 5.0.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate-entitymanager | <5.0.14-1.Final_redhat_1.1.ep7.el6 | 5.0.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate-envers | <5.0.14-1.Final_redhat_1.1.ep7.el6 | 5.0.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate-infinispan | <5.0.14-1.Final_redhat_1.1.ep7.el6 | 5.0.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-hibernate-java8 | <5.0.14-1.Final_redhat_1.1.ep7.el6 | 5.0.14-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-common-api | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-common-impl | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-common-spi | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-core-api | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-core-impl | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-deployers-common | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-jdbc | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-ironjacamar-validator | <1.3.7-1.Final_redhat_1.1.ep7.el6 | 1.3.7-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jackson-databind | <2.5.4-2.redhat_2.1.ep7.el6 | 2.5.4-2.redhat_2.1.ep7.el6 |
redhat/eap7-jboss-modules | <1.5.4-1.Final_redhat_1.1.ep7.el6 | 1.5.4-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-remoting | <4.0.23-1.Final_redhat_1.1.ep7.el6 | 4.0.23-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-jboss-xnio-base | <3.4.6-1.Final_redhat_1.1.ep7.el6 | 3.4.6-1.Final_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-async-http-servlet | <3.0-3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0-3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-atom-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-cdi | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-client | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-crypto | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-jackson-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-jackson2-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-jaxb-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-jaxrs | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-jettison-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-jose-jwt | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-jsapi | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-json-p-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-multipart-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-spring | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-validator-provider | <11-3.0.19-6.SP4_redhat_1.1.ep7.el6 | 11-3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-resteasy-yaml-provider | <3.0.19-6.SP4_redhat_1.1.ep7.el6 | 3.0.19-6.SP4_redhat_1.1.ep7.el6 |
redhat/eap7-wildfly | <7.0.7-4.GA_redhat_3.1.ep7.el6 | 7.0.7-4.GA_redhat_3.1.ep7.el6 |
redhat/eap7-wildfly-javadocs | <7.0.7-3.GA_redhat_4.1.ep7.el6 | 7.0.7-3.GA_redhat_4.1.ep7.el6 |
redhat/eap7-wildfly-modules | <7.0.7-4.GA_redhat_3.1.ep7.el6 | 7.0.7-4.GA_redhat_3.1.ep7.el6 |
redhat/eap7-wildfly-web-console-eap | <2.8.30-1.Final_redhat_1.1.ep7.el6 | 2.8.30-1.Final_redhat_1.1.ep7.el6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.