- Vulnerability/
- RHSA-2022:6822
5/10/2022
RHSA-2022:6822: Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
First published: Wed Oct 05 2022(Updated: )
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.6, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.7 Release Notes for information about the most significant bug fixes and enhancements included in this release.<br>Security Fix(es):<br><li> undertow: Large AJP request may cause DoS (CVE-2022-2053)</li> <li> undertow: potential security issue in flow control over HTTP/2 may lead to DOS. Incomplete fix for CVE-2021-3629 (CVE-2022-1259)</li> <li> snakeyaml: Denial of Service due missing to nested depth limitation for collections. (CVE-2022-25857)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-activemq-artemis | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-glassfish-jsf | <2.3.14-5.SP06_redhat_00001.1.el8ea | 2.3.14-5.SP06_redhat_00001.1.el8ea |
| redhat/eap7-hal-console | <3.3.14-1.Final_redhat_00001.1.el8ea | 3.3.14-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <5.3.28-1.Final_redhat_00001.1.el8ea | 5.3.28-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-jboss-ejb-client | <4.0.45-1.Final_redhat_00001.1.el8ea | 4.0.45-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <1.10.0-20.Final_redhat_00019.1.el8ea | 1.10.0-20.Final_redhat_00019.1.el8ea |
| redhat/eap7-jboss-vfs | <3.2.17-1.Final_redhat_00001.1.el8ea | 3.2.17-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-tcnative | <2.0.52-3.Final_redhat_00001.1.el8ea | 2.0.52-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-native-epoll | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-snakeyaml | <1.31.0-1.redhat_00001.1.el8ea | 1.31.0-1.redhat_00001.1.el8ea |
| redhat/eap7-undertow | <2.2.19-1.SP2_redhat_00001.1.el8ea | 2.2.19-1.SP2_redhat_00001.1.el8ea |
| redhat/eap7-undertow-jastow | <2.0.11-1.Final_redhat_00001.1.el8ea | 2.0.11-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <7.4.7-3.GA_redhat_00003.1.el8ea | 7.4.7-3.GA_redhat_00003.1.el8ea |
| redhat/eap7-wildfly-elytron | <1.15.14-1.Final_redhat_00001.1.el8ea | 1.15.14-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-http-client | <1.1.13-1.SP1_redhat_00001.1.el8ea | 1.1.13-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-activemq-artemis-cli | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-commons | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-core-client | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-dto | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-hornetq-protocol | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-hqclient-protocol | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-jdbc-store | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-jms-client | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-jms-server | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-journal | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-ra | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-selector | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-server | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-service-extensions | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-activemq-artemis-tools | <2.16.0-10.redhat_00045.1.el8ea | 2.16.0-10.redhat_00045.1.el8ea |
| redhat/eap7-hibernate-core | <5.3.28-1.Final_redhat_00001.1.el8ea | 5.3.28-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate-entitymanager | <5.3.28-1.Final_redhat_00001.1.el8ea | 5.3.28-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate-envers | <5.3.28-1.Final_redhat_00001.1.el8ea | 5.3.28-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate-java8 | <5.3.28-1.Final_redhat_00001.1.el8ea | 5.3.28-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-common-api | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-common-impl | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-common-spi | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-core-api | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-core-impl | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-deployers-common | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-jdbc | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar-validator | <1.5.3-3.SP2_redhat_00001.1.el8ea | 1.5.3-3.SP2_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration-cli | <1.10.0-20.Final_redhat_00019.1.el8ea | 1.10.0-20.Final_redhat_00019.1.el8ea |
| redhat/eap7-jboss-server-migration-core | <1.10.0-20.Final_redhat_00019.1.el8ea | 1.10.0-20.Final_redhat_00019.1.el8ea |
| redhat/eap7-netty-all | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-buffer | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-dns | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-haproxy | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-http | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-http2 | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-memcache | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-mqtt | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-redis | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-smtp | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-socks | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-stomp | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-codec-xml | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-common | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-handler | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-handler-proxy | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-resolver | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-resolver-dns | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-resolver-dns-classes-macos | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-classes-epoll | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-classes-kqueue | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-native-epoll-debuginfo | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-native-unix-common | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-rxtx | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-sctp | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-netty-transport-udt | <4.1.77-3.Final_redhat_00001.1.el8ea | 4.1.77-3.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-atom-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-cdi | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-client | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-crypto | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-jackson-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-jackson2-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-jaxb-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-jaxrs | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-jettison-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-jose-jwt | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-jsapi | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-json-binding-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-json-p-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-multipart-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-rxjava2 | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-spring | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-validator-provider | <11-3.15.4-1.Final_redhat_00001.1.el8ea | 11-3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-resteasy-yaml-provider | <3.15.4-1.Final_redhat_00001.1.el8ea | 3.15.4-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-elytron-tool | <1.15.14-1.Final_redhat_00001.1.el8ea | 1.15.14-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-http-client-common | <1.1.13-1.SP1_redhat_00001.1.el8ea | 1.1.13-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-http-ejb-client | <1.1.13-1.SP1_redhat_00001.1.el8ea | 1.1.13-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-http-naming-client | <1.1.13-1.SP1_redhat_00001.1.el8ea | 1.1.13-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-http-transaction-client | <1.1.13-1.SP1_redhat_00001.1.el8ea | 1.1.13-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-javadocs | <7.4.7-3.GA_redhat_00003.1.el8ea | 7.4.7-3.GA_redhat_00003.1.el8ea |
| redhat/eap7-wildfly-modules | <7.4.7-3.GA_redhat_00003.1.el8ea | 7.4.7-3.GA_redhat_00003.1.el8ea |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2072339
- https://bugzilla.redhat.com/show_bug.cgi?id=2095862
- https://bugzilla.redhat.com/show_bug.cgi?id=2126789
- https://issues.redhat.com/browse/JBEAP-23619
- https://issues.redhat.com/browse/JBEAP-23687
- https://issues.redhat.com/browse/JBEAP-23738
- https://issues.redhat.com/browse/JBEAP-23741
- https://issues.redhat.com/browse/JBEAP-23753
- https://issues.redhat.com/browse/JBEAP-23772
- https://issues.redhat.com/browse/JBEAP-23794
- https://issues.redhat.com/browse/JBEAP-23802
- https://issues.redhat.com/browse/JBEAP-23803
- https://issues.redhat.com/browse/JBEAP-23805
- https://issues.redhat.com/browse/JBEAP-23816
- https://issues.redhat.com/browse/JBEAP-23818
- https://issues.redhat.com/browse/JBEAP-23869
- https://issues.redhat.com/browse/JBEAP-23881
- https://issues.redhat.com/browse/JBEAP-23912
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- https://access.redhat.com/errata/RHSA-2022:6822 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2022:6822
- agent/software-canonical-lookup
- package-manager/redhat