- Vulnerability/
- RHSA-2021:0250
RHSA-2021:0250: Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update
First published: Mon Jan 25 2021(Updated: )
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.<br>This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li> wildfly: Potential Memory leak in Wildfly when using OpenTracing (CVE-2020-27822)</li> <li> undertow: special character in query results in server errors (CVE-2020-27782)</li> <li> wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller (CVE-2020-25689)</li> <li> httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)</li> <li> wildfly: resource adapter logs plaintext JMS password at warning level on connection error (CVE-2020-25640)</li> <li> resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1879042
- https://bugzilla.redhat.com/show_bug.cgi?id=1881637
- https://bugzilla.redhat.com/show_bug.cgi?id=1886587
- https://bugzilla.redhat.com/show_bug.cgi?id=1893070
- https://bugzilla.redhat.com/show_bug.cgi?id=1901304
- https://bugzilla.redhat.com/show_bug.cgi?id=1904060
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.3
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- https://access.redhat.com/errata/RHSA-2021:0250 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2021:0250?
The severity of RHSA-2021:0250 is considered moderate.
How do I fix RHSA-2021:0250?
To fix RHSA-2021:0250, upgrade to Red Hat JBoss Enterprise Application Platform 7.3.5 or subsequent versions.
What versions of Red Hat JBoss are affected by RHSA-2021:0250?
RHSA-2021:0250 affects Red Hat JBoss Enterprise Application Platform versions prior to 7.3.5.
Is there a workaround for RHSA-2021:0250?
No specific workaround is provided for RHSA-2021:0250; updating to the fixed version is recommended.
What types of vulnerabilities are addressed in RHSA-2021:0250?
RHSA-2021:0250 addresses multiple issues related to security vulnerabilities in Red Hat JBoss Enterprise Application Platform.
- agent/severity
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2021:0250
- agent/trending
- agent/references
- agent/title
- agent/remedy
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup