First published: Tue Oct 13 2020
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

- picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
- wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
- xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
- cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-activemq-artemis | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-native | <1.0.2-1.redhat_00001.1.el6ea | 1.0.2-1.redhat_00001.1.el6ea |
redhat/eap7-apache-commons-codec | <1.14.0-1.redhat_00001.1.el6ea | 1.14.0-1.redhat_00001.1.el6ea |
redhat/eap7-apache-commons-lang | <3.10.0-1.redhat_00001.1.el6ea | 3.10.0-1.redhat_00001.1.el6ea |
redhat/eap7-apache-cxf | <3.3.7-1.redhat_00001.1.el6ea | 3.3.7-1.redhat_00001.1.el6ea |
redhat/eap7-artemis-native | <1.0.2-3.redhat_1.el6ea | 1.0.2-3.redhat_1.el6ea |
redhat/eap7-bouncycastle | <1.65.0-1.redhat_00001.1.el6ea | 1.65.0-1.redhat_00001.1.el6ea |
redhat/eap7-glassfish-jsf | <2.3.9-11.SP12_redhat_00001.1.el6ea | 2.3.9-11.SP12_redhat_00001.1.el6ea |
redhat/eap7-hal-console | <3.2.10-1.Final_redhat_00001.1.el6ea | 3.2.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <5.3.18-1.Final_redhat_00001.1.el6ea | 5.3.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-httpcomponents-client | <4.5.12-1.redhat_00001.1.el6ea | 4.5.12-1.redhat_00001.1.el6ea |
redhat/eap7-httpcomponents-core | <4.4.13-1.redhat_00001.1.el6ea | 4.4.13-1.redhat_00001.1.el6ea |
redhat/eap7-jberet | <1.3.7-1.Final_redhat_00001.1.el6ea | 1.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-invocation | <1.5.3-1.Final_redhat_00001.1.el6ea | 1.5.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-logmanager | <2.1.17-1.Final_redhat_00001.1.el6ea | 2.1.17-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-xnio-base | <3.7.9-1.Final_redhat_00001.1.el6ea | 3.7.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jgroups | <4.1.10-1.Final_redhat_00001.1.el6ea | 4.1.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-picketbox | <5.0.3-8.Final_redhat_00007.1.el6ea | 5.0.3-8.Final_redhat_00007.1.el6ea |
redhat/eap7-picketlink-bindings | <2.5.5-25.SP12_redhat_00013.1.el6ea | 2.5.5-25.SP12_redhat_00013.1.el6ea |
redhat/eap7-snakeyaml | <1.26.0-1.redhat_00001.1.el6ea | 1.26.0-1.redhat_00001.1.el6ea |
redhat/eap7-undertow | <2.0.31-1.SP1_redhat_00001.1.el6ea | 2.0.31-1.SP1_redhat_00001.1.el6ea |
redhat/eap7-velocity | <2.2.0-1.redhat_00001.1.el6ea | 2.2.0-1.redhat_00001.1.el6ea |
redhat/eap7-wildfly | <7.3.3-4.GA_redhat_00004.1.el6ea | 7.3.3-4.GA_redhat_00004.1.el6ea |
redhat/eap7-wildfly-elytron | <1.10.8-1.Final_redhat_00001.1.el6ea | 1.10.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-transaction-client | <1.1.13-1.Final_redhat_00001.1.el6ea | 1.1.13-1.Final_redhat_00001.1.el6ea |
redhat/eap7-xerces-j2 | <2.12.0-2.SP03_redhat_00001.1.el6ea | 2.12.0-2.SP03_redhat_00001.1.el6ea |
redhat/eap7-activemq-artemis-cli | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-commons | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-core-client | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-dto | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-hornetq-protocol | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-hqclient-protocol | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-jdbc-store | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-jms-client | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-jms-server | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-journal | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-ra | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-selector | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-server | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-service-extensions | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-activemq-artemis-tools | <2.9.0-5.redhat_00011.1.el6ea | 2.9.0-5.redhat_00011.1.el6ea |
redhat/eap7-apache-cxf-rt | <3.3.7-1.redhat_00001.1.el6ea | 3.3.7-1.redhat_00001.1.el6ea |
redhat/eap7-apache-cxf-services | <3.3.7-1.redhat_00001.1.el6ea | 3.3.7-1.redhat_00001.1.el6ea |
redhat/eap7-apache-cxf-tools | <3.3.7-1.redhat_00001.1.el6ea | 3.3.7-1.redhat_00001.1.el6ea |
redhat/eap7-artemis-native-wildfly | <1.0.2-3.redhat_1.el6ea | 1.0.2-3.redhat_1.el6ea |
redhat/eap7-bouncycastle-mail | <1.65.0-1.redhat_00001.1.el6ea | 1.65.0-1.redhat_00001.1.el6ea |
redhat/eap7-bouncycastle-pkix | <1.65.0-1.redhat_00001.1.el6ea | 1.65.0-1.redhat_00001.1.el6ea |
redhat/eap7-bouncycastle-prov | <1.65.0-1.redhat_00001.1.el6ea | 1.65.0-1.redhat_00001.1.el6ea |
redhat/eap7-hibernate-core | <5.3.18-1.Final_redhat_00001.1.el6ea | 5.3.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate-entitymanager | <5.3.18-1.Final_redhat_00001.1.el6ea | 5.3.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate-envers | <5.3.18-1.Final_redhat_00001.1.el6ea | 5.3.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate-java8 | <5.3.18-1.Final_redhat_00001.1.el6ea | 5.3.18-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jberet-core | <1.3.7-1.Final_redhat_00001.1.el6ea | 1.3.7-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration-cli | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-core | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-eap6.4 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.0 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.1 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.2 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-eap7.3-server | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly10.0 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly10.1 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly11.0 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly12.0 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly13.0-server | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly14.0-server | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly15.0-server | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly16.0-server | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly17.0-server | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly18.0-server | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly8.2 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-jboss-server-migration-wildfly9.0 | <1.7.2-2.Final_redhat_00002.1.el6ea | 1.7.2-2.Final_redhat_00002.1.el6ea |
redhat/eap7-narayana-compensations | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jbosstxbridge | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jbossxts | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jts-idlj | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-jts-integration | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-api | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-bridge | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-integration | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-restat-util | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana-txframework | <5.9.9-1.Final_redhat_00001.1.el6ea | 5.9.9-1.Final_redhat_00001.1.el6ea |
redhat/eap7-picketbox-infinispan | <5.0.3-8.Final_redhat_00007.1.el6ea | 5.0.3-8.Final_redhat_00007.1.el6ea |
redhat/eap7-picketlink-wildfly8 | <2.5.5-25.SP12_redhat_00013.1.el6ea | 2.5.5-25.SP12_redhat_00013.1.el6ea |
redhat/eap7-velocity-engine-core | <2.2.0-1.redhat_00001.1.el6ea | 2.2.0-1.redhat_00001.1.el6ea |
redhat/eap7-wildfly-elytron-tool | <1.10.8-1.Final_redhat_00001.1.el6ea | 1.10.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-javadocs | <7.3.3-4.GA_redhat_00004.1.el6ea | 7.3.3-4.GA_redhat_00004.1.el6ea |
redhat/eap7-wildfly-modules | <7.3.3-4.GA_redhat_00004.1.el6ea | 7.3.3-4.GA_redhat_00004.1.el6ea |