Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:1193
HistoryMar 06, 2024 - 3:25 p.m.

(RHSA-2024:1193) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.1 security update

2024-03-0615:25:47
access.redhat.com
17
red hat
jboss
enterprise application platform
java
wildfly
security update
cve-2023-4759
cve-2023-35887
cve-2023-4043
cve-2023-48795
cvss score

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.963 High

EPSS

Percentile

99.5%

JSON

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.0 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • jgit: arbitrary file overwrite (CVE-2023-4759)

  • sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

  • parsson: Denial of Service due to large number parsing (CVE-2023-4043)

  • apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (CVE-2023-48795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9noarcheap8-lucene-solr< 8.11.2-2.redhat_00001.1.el9eapeap8-lucene-solr-8.11.2-2.redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap8-lucene-analyzers-common< 8.11.2-2.redhat_00001.1.el9eapeap8-lucene-analyzers-common-8.11.2-2.redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap8-log4j< 2.19.0-2.redhat_00001.1.el9eapeap8-log4j-2.19.0-2.redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap8-wildfly-java-jdk11< 8.0.1-3.GA_redhat_00002.1.el9eapeap8-wildfly-java-jdk11-8.0.1-3.GA_redhat_00002.1.el9eap.noarch.rpm
RedHat9noarcheap8-lucene-join< 8.11.2-2.redhat_00001.1.el9eapeap8-lucene-join-8.11.2-2.redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap8-wildfly-modules< 8.0.1-3.GA_redhat_00002.1.el9eapeap8-wildfly-modules-8.0.1-3.GA_redhat_00002.1.el9eap.noarch.rpm
RedHat9noarcheap8-lucene-facet< 8.11.2-2.redhat_00001.1.el9eapeap8-lucene-facet-8.11.2-2.redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap8-wildfly-java-jdk17< 8.0.1-3.GA_redhat_00002.1.el9eapeap8-wildfly-java-jdk17-8.0.1-3.GA_redhat_00002.1.el9eap.noarch.rpm
RedHat9noarcheap8-eclipse-jgit< 6.6.1.202309021850-1.r_redhat_00001.1.el9eapeap8-eclipse-jgit-6.6.1.202309021850-1.r_redhat_00001.1.el9eap.noarch.rpm
RedHat9noarcheap8-lucene-queryparser< 8.11.2-2.redhat_00001.1.el9eapeap8-lucene-queryparser-8.11.2-2.redhat_00001.1.el9eap.noarch.rpm
Rows per page:
1-10 of 151

Related

redhat 9
nessus 41
ibm 13
osv 15
github 3
prion 4
redhatcve 3
cvelist 4
nvd 4
cve 3
veracode 5
cnvd 1
atlassian 2
openvas 47
debiancve 2
ubuntucve 1
fedora 7
oraclelinux 4
rosalinux 1
paloalto 1
mageia 4
freebsd 3
cbl_mariner 11
debian 2
ubuntu 3
cloudfoundry 1
redos 2
alpinelinux 1
freebsd_advisory 1
thn 1
redhat
redhat
(RHSA-2024:1194) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.1 security update
2024-03-06 15:35:48
(RHSA-2024:1192) Moderate: Red Hat JBoss Enterprise Application Platform 8.0.1 security update
2024-03-06 15:25:45
(RHSA-2024:0722) Important: Red Hat build of Quarkus 3.2.10 release and security update
2024-02-12 15:22:24
nessus
nessus
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1193)
2024-03-06 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.1 (RHSA-2024:1192)
2024-03-06 00:00:00
RHEL 8 : apache-mina-sshd (Unpatched Vulnerability)
2024-05-11 00:00:00
ibm
ibm
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache MINA SSHD (CVE-2023-35887)
2023-09-30 04:29:27
Security Bulletin: IBM InfoSphere Information Server is affected by a code execution vulnerability in Eclipse JGit (CVE-2023-4759)
2024-06-28 22:21:31
Security Bulletin: Vulnerability in jgit affect Cloud Pak System [CVE-2023-4759]
2024-01-03 18:17:39
osv
osv
Apache MINA SSHD information disclosure vulnerability
2023-07-10 18:30:49
CVE-2023-35887
2023-07-10 16:15:53
Eclipse Parsson Denial of Service vulnerability
2023-11-03 09:32:49
github
github
Apache MINA SSHD information disclosure vulnerability
2023-07-10 18:30:49
Eclipse Parsson Denial of Service vulnerability
2023-11-03 09:32:49
Arbitrary File Overwrite in Eclipse JGit
2023-09-18 15:30:18
prion
prion
Design/Logic Flaw
2023-07-10 16:15:00
Input validation
2023-11-03 09:15:00
Design/Logic Flaw
2023-09-12 10:15:00
redhatcve
redhatcve
CVE-2023-35887
2023-09-21 13:24:39
CVE-2023-4759
2023-09-12 19:54:09
CVE-2023-4043
2023-12-14 18:33:38
cvelist
cvelist
CVE-2023-35887 Apache MINA SSHD: Information disclosure bugs with RootedFilesystem
2023-07-10 09:28:54
CVE-2023-4043 Parsson DoS when parsing numbers from untrusted sources
2023-11-03 08:11:39
CVE-2023-4759 Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write
2023-09-12 09:12:10
nvd
nvd
CVE-2023-35887
2023-07-10 16:15:53
CVE-2023-4759
2023-09-12 10:15:29
CVE-2023-4043
2023-11-03 09:15:13
cve
cve
CVE-2023-35887
2023-07-10 16:15:53
CVE-2023-4043
2023-11-03 09:15:13
CVE-2023-4759
2023-09-12 10:15:29
veracode
veracode
Information Disclosure
2023-07-13 08:56:24
Arbitrary File Overwrite
2023-09-21 11:12:57
Denial Of Service (DoS)
2023-11-07 05:32:30
cnvd
cnvd
Apache MINA Information Disclosure Vulnerability
2023-07-12 00:00:00
atlassian
atlassian
RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server
2024-05-13 10:10:37
CVE-2023-48795 vulnerability on SSH
2024-01-04 17:19:13
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0057-1)
2024-01-09 00:00:00
openSUSE: Security Advisory for eclipse (SUSE-SU-2024:0057-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2024-0002)
2024-01-09 00:00:00
debiancve
debiancve
CVE-2023-4759
2023-09-12 10:15:29
CVE-2023-48795
2023-12-18 16:15:10
ubuntucve
ubuntucve
CVE-2023-4759
2023-09-12 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: proftpd-1.3.8b-1.fc39
2023-12-30 01:23:29
[SECURITY] Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39
2024-01-18 01:47:06
[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.7.0-1.fc38
2024-01-29 07:54:09
oraclelinux
oraclelinux
openssh security update
2024-02-13 00:00:00
openssh security update
2024-03-18 00:00:00
buildah security update
2024-03-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2382
2024-03-26 11:47:18
paloalto
paloalto
Impact of Terrapin SSH Attack
2024-01-09 01:30:00
mageia
mageia
Updated filezilla packages fix a security vulnerability ("Terrapin attack")
2024-02-10 04:03:35
Updated libssh2 packages fix a security vulnerability (Terrapin Attack)
2024-01-08 13:12:44
Updated erlang packages fix a security vulnerability (Terrapin Attack)
2024-01-20 01:43:32
freebsd
freebsd
putty -- add protocol extension against 'Terrapin attack'
2023-10-16 00:00:00
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
2024-04-17 00:00:00
FreeBSD -- Prefix Truncation Attack in the SSH protocol
2023-12-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-48795 affecting package erlang for versions less than 25.2-2
2024-02-25 03:00:06
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
2024-07-05 21:08:39
CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1
2024-07-05 21:08:39
debian
debian
[SECURITY] [DSA 5599-1] phpseclib security update
2024-01-12 07:13:27
[SECURITY] [DSA 5600-1] php-phpseclib security update
2024-01-12 07:13:37
ubuntu
ubuntu
libssh2 vulnerability
2024-01-15 00:00:00
FileZilla vulnerability
2024-01-18 00:00:00
LXD vulnerability
2024-04-22 00:00:00
cloudfoundry
cloudfoundry
USN-6561-1: libssh vulnerability | Cloud Foundry
2024-04-04 00:00:00
redos
redos
ROS-20240408-15
2024-04-08 00:00:00
ROS-20240409-04
2024-04-09 00:00:00
alpinelinux
alpinelinux
CVE-2023-48795
2023-12-18 16:15:10
freebsd_advisory
freebsd_advisory
FreeBSD-SA-23:19.openssh
2023-12-19 00:00:00
thn
thn
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
2024-01-01 09:37:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.963 High

EPSS

Percentile

99.5%

JSON
Related for RHSA-2024:1193
redhat9nessus41ibm13osv15github3prion4redhatcve3cvelist4nvd4cve3veracode5cnvd1atlassian2openvas47debiancve2ubuntucve1fedora7oraclelinux4rosalinux1paloalto1mageia4freebsd3cbl_mariner11debian2ubuntu3cloudfoundry1redos2alpinelinux1freebsd_advisory1thn1