First published: Mon Sep 30 2019
This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

- jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
- jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
- jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814)
- undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212)
- codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202)
- jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086)
- undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184)

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-activemq-artemis | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-codehaus-jackson | <1.9.13-9.redhat_00006.1.el6ea | 1.9.13-9.redhat_00006.1.el6ea |
redhat/eap7-glassfish-jsf | <2.3.5-4.SP3_redhat_00002.1.el6ea | 2.3.5-4.SP3_redhat_00002.1.el6ea |
redhat/eap7-hal-console | <3.0.16-1.Final_redhat_00001.1.el6ea | 3.0.16-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <5.3.11-2.SP1_redhat_00001.1.el6ea | 5.3.11-2.SP1_redhat_00001.1.el6ea |
redhat/eap7-infinispan | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jackson-annotations | <2.9.9-1.redhat_00001.1.el6ea | 2.9.9-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-core | <2.9.9-1.redhat_00001.1.el6ea | 2.9.9-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-databind | <2.9.9.3-1.redhat_00001.1.el6ea | 2.9.9.3-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-jaxrs-providers | <2.9.9-2.redhat_00001.1.el6ea | 2.9.9-2.redhat_00001.1.el6ea |
redhat/eap7-jackson-modules-base | <2.9.9-1.redhat_00001.1.el6ea | 2.9.9-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-modules-java8 | <2.9.9-1.redhat_00001.1.el6ea | 2.9.9-1.redhat_00001.1.el6ea |
redhat/eap7-jboss-ejb-client | <4.0.23-1.Final_redhat_00001.1.el6ea | 4.0.23-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-logging | <3.3.3-1.Final_redhat_00001.1.el6ea | 3.3.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-logmanager | <2.1.14-1.Final_redhat_00001.1.el6ea | 2.1.14-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-marshalling | <2.0.9-1.Final_redhat_00001.1.el6ea | 2.0.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-msc | <1.4.8-1.Final_redhat_00001.1.el6ea | 1.4.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting | <5.0.14-1.SP1_redhat_00001.1.el6ea | 5.0.14-1.SP1_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-xnio-base | <3.7.3-1.Final_redhat_00001.1.el6ea | 3.7.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jgroups | <4.0.20-1.Final_redhat_00001.1.el6ea | 4.0.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-netty | <4.1.34-2.Final_redhat_00002.1.el6ea | 4.1.34-2.Final_redhat_00002.1.el6ea |
redhat/eap7-picketbox | <5.0.3-5.Final_redhat_00004.1.el6ea | 5.0.3-5.Final_redhat_00004.1.el6ea |
redhat/eap7-picketlink-bindings | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-federation | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-undertow | <2.0.25-1.SP1_redhat_00001.1.el6ea | 2.0.25-1.SP1_redhat_00001.1.el6ea |
redhat/eap7-weld-core | <3.0.6-2.Final_redhat_00002.1.el6ea | 3.0.6-2.Final_redhat_00002.1.el6ea |
redhat/eap7-wildfly | <7.2.4-1.GA_redhat_00002.1.el6ea | 7.2.4-1.GA_redhat_00002.1.el6ea |
redhat/eap7-wildfly-elytron | <1.6.4-1.Final_redhat_00001.1.el6ea | 1.6.4-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-elytron-tool | <1.4.3-1.Final_redhat_00001.1.el6ea | 1.4.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-transaction-client | <1.1.6-2.Final_redhat_00001.1.el6ea | 1.1.6-2.Final_redhat_00001.1.el6ea |
redhat/eap7-activemq-artemis-cli | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-commons | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-core-client | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-dto | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-hornetq-protocol | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-hqclient-protocol | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-jdbc-store | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-jms-client | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-jms-server | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-journal | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-ra | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-selector | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-server | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-service-extensions | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-activemq-artemis-tools | <2.9.0-1.redhat_00005.1.el6ea | 2.9.0-1.redhat_00005.1.el6ea |
redhat/eap7-codehaus-jackson-core-asl | <1.9.13-9.redhat_00006.1.el6ea | 1.9.13-9.redhat_00006.1.el6ea |
redhat/eap7-codehaus-jackson-jaxrs | <1.9.13-9.redhat_00006.1.el6ea | 1.9.13-9.redhat_00006.1.el6ea |
redhat/eap7-codehaus-jackson-mapper-asl | <1.9.13-9.redhat_00006.1.el6ea | 1.9.13-9.redhat_00006.1.el6ea |
redhat/eap7-codehaus-jackson-xc | <1.9.13-9.redhat_00006.1.el6ea | 1.9.13-9.redhat_00006.1.el6ea |
redhat/eap7-hibernate-core | <5.3.11-2.SP1_redhat_00001.1.el6ea | 5.3.11-2.SP1_redhat_00001.1.el6ea |
redhat/eap7-hibernate-entitymanager | <5.3.11-2.SP1_redhat_00001.1.el6ea | 5.3.11-2.SP1_redhat_00001.1.el6ea |
redhat/eap7-hibernate-envers | <5.3.11-2.SP1_redhat_00001.1.el6ea | 5.3.11-2.SP1_redhat_00001.1.el6ea |
redhat/eap7-hibernate-java8 | <5.3.11-2.SP1_redhat_00001.1.el6ea | 5.3.11-2.SP1_redhat_00001.1.el6ea |
redhat/eap7-infinispan-cachestore-jdbc | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan-cachestore-remote | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan-client-hotrod | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan-commons | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan-core | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan-hibernate-cache-commons | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan-hibernate-cache-spi | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-infinispan-hibernate-cache-v53 | <9.3.7-1.Final_redhat_00001.1.el6ea | 9.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-common-api | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-common-impl | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-common-spi | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-core-api | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-core-impl | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-deployers-common | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-jdbc | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-ironjacamar-validator | <1.4.17-1.Final_redhat_00001.1.el6ea | 1.4.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jackson-datatype-jdk8 | <2.9.9-1.redhat_00001.1.el6ea | 2.9.9-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-datatype-jsr310 | <2.9.9-1.redhat_00001.1.el6ea | 2.9.9-1.redhat_00001.1.el6ea |
redhat/eap7-jackson-jaxrs-base | <2.9.9-2.redhat_00001.1.el6ea | 2.9.9-2.redhat_00001.1.el6ea |
redhat/eap7-jackson-jaxrs-json-provider | <2.9.9-2.redhat_00001.1.el6ea | 2.9.9-2.redhat_00001.1.el6ea |
redhat/eap7-jackson-module-jaxb-annotations | <2.9.9-1.redhat_00001.1.el6ea | 2.9.9-1.redhat_00001.1.el6ea |
redhat/eap7-jboss-marshalling-river | <2.0.9-1.Final_redhat_00001.1.el6ea | 2.0.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration-cli | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-core | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-eap6.4 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-eap6.4-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.0 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.0-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.1 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.1-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly10.0 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly10.0-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly10.1 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly10.1-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly11.0 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly11.0-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly12.0 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly12.0-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly13.0-server | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly14.0-server | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly8.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly8.2-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly9.0 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly9.0-to-eap7.2 | <1.3.1-4.Final_redhat_00004.1.el6ea | 1.3.1-4.Final_redhat_00004.1.el6ea |
redhat/eap7-narayana-compensations | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jbosstxbridge | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jbossxts | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jts-idlj | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jts-integration | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-api | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-bridge | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-integration | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-util | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-txframework | <5.9.6-1.Final_redhat_00001.1.el6ea | 5.9.6-1.Final_redhat_00001.1.el6ea |
redhat/eap7-netty-all | <4.1.34-2.Final_redhat_00002.1.el6ea | 4.1.34-2.Final_redhat_00002.1.el6ea |
redhat/eap7-picketbox-infinispan | <5.0.3-5.Final_redhat_00004.1.el6ea | 5.0.3-5.Final_redhat_00004.1.el6ea |
redhat/eap7-picketlink-api | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-common | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-config | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-idm-api | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-idm-impl | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-idm-simple-schema | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-impl | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-picketlink-wildfly8 | <2.5.5-20.SP12_redhat_00007.1.el6ea | 2.5.5-20.SP12_redhat_00007.1.el6ea |
redhat/eap7-weld-core-impl | <3.0.6-2.Final_redhat_00002.1.el6ea | 3.0.6-2.Final_redhat_00002.1.el6ea |
redhat/eap7-weld-core-jsf | <3.0.6-2.Final_redhat_00002.1.el6ea | 3.0.6-2.Final_redhat_00002.1.el6ea |
redhat/eap7-weld-ejb | <3.0.6-2.Final_redhat_00002.1.el6ea | 3.0.6-2.Final_redhat_00002.1.el6ea |
redhat/eap7-weld-jta | <3.0.6-2.Final_redhat_00002.1.el6ea | 3.0.6-2.Final_redhat_00002.1.el6ea |
redhat/eap7-weld-probe-core | <3.0.6-2.Final_redhat_00002.1.el6ea | 3.0.6-2.Final_redhat_00002.1.el6ea |
redhat/eap7-weld-web | <3.0.6-2.Final_redhat_00002.1.el6ea | 3.0.6-2.Final_redhat_00002.1.el6ea |
redhat/eap7-wildfly-javadocs | <7.2.4-1.GA_redhat_00002.1.el6ea | 7.2.4-1.GA_redhat_00002.1.el6ea |
redhat/eap7-wildfly-modules | <7.2.4-1.GA_redhat_00002.1.el6ea | 7.2.4-1.GA_redhat_00002.1.el6ea |