Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:4392
HistoryJul 08, 2024 - 10:17 p.m.

(RHSA-2024:4392) Important: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update

2024-07-0822:17:51
access.redhat.com
red hat jboss
eap 8.0.2
security update
java applications
http-2
jose4j
undertow
cve-2024-27316
cve-2023-51775
cve-2024-5971
cve-2024-3653
cvss score

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8

Confidence

High

JSON

Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.

This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.

Security Fix(es):

  • HTTP-2: httpd: CONTINUATION frames DoS (CVE-2024-27316)
  • jose4j: denial of service via specially crafted JWE (CVE-2023-51775)
  • undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)
  • undertow: LearningPushHandler can lead to remote memory DoS attacks (CVE-2024-3653)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Related

nessus 49
redhat 13
github 3
osv 15
ibm 35
prion 1
vulnrichment 4
debiancve 4
cvelist 4
redhatcve 4
cve 4
wolfi 1
cgr 1
ubuntucve 4
openvas 26
redos 1
nvd 4
veracode 4
almalinux 3
rocky 2
githubexploit 1
oraclelinux 3
fedora 3
alpinelinux 1
cbl_mariner 2
hackerone 1
amazon 2
f5 1
photon 1
ubuntu 1
slackware 1
nessus
nessus
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.18 Security update (Important) (RHSA-2024:5145)
2024-08-08 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.18 Security update (Important) (RHSA-2024:5144)
2024-08-08 00:00:00
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.18 Security update (Important) (RHSA-2024:5143)
2024-08-08 00:00:00
redhat
redhat
(RHSA-2024:5144) Important: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
2024-08-08 17:17:19
(RHSA-2024:5143) Important: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
2024-08-08 17:17:16
(RHSA-2024:5145) Important: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
2024-08-08 17:17:22
github
github
Undertow Denial of Service vulnerability
2024-07-08 21:31:40
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
Undertow Missing Release of Memory after Effective Lifetime vulnerability
2024-07-09 00:31:40
osv
osv
CVE-2023-51775
2024-02-29 01:42:05
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
CVE-2024-27316
2024-04-04 20:15:08
ibm
ibm
Security Bulletin: IBM Match 360 vulnerable to denial of service due to jose4j in IBM WebSphere Application Server Liberty (CVE-2023-51775)
2024-07-18 19:35:22
Security Bulletin: IBM PowerVM Novalink is vulnerable because jose4j is vulnerable to a denial of service, caused by improper input validation.
2024-07-02 11:31:02
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2023-51775)
2024-04-16 03:01:07
prion
prion
Design/Logic Flaw
2024-02-29 01:42:00
vulnrichment
vulnrichment
CVE-2023-51775
2023-12-25 00:00:00
CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
2024-04-04 19:21:41
CVE-2024-5971 Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
2024-07-08 20:51:29
debiancve
debiancve
CVE-2023-51775
2024-02-29 01:42:05
CVE-2024-27316
2024-04-04 20:15:08
CVE-2024-5971
2024-07-08 21:15:12
cvelist
cvelist
CVE-2023-51775
2023-12-25 00:00:00
CVE-2024-5971 Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket
2024-07-08 20:51:29
CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
2024-04-04 19:21:41
redhatcve
redhatcve
CVE-2023-51775
2024-02-29 09:03:19
CVE-2024-5971
2024-07-08 20:50:26
CVE-2024-27316
2024-04-03 19:27:03
cve
cve
CVE-2023-51775
2024-02-29 01:42:05
CVE-2024-5971
2024-07-08 21:15:12
CVE-2024-27316
2024-04-04 20:15:08
wolfi
wolfi
CVE-2023-51775 vulnerabilities
2024-05-29 03:07:31
cgr
cgr
CVE-2023-51775 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-51775
2024-02-29 00:00:00
CVE-2024-5971
2024-07-08 00:00:00
CVE-2024-27316
2024-03-27 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-2042)
2024-07-22 00:00:00
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-2331)
2024-09-03 00:00:00
Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2024-2123)
2024-08-20 00:00:00
redos
redos
ROS-20240425-01
2024-04-25 00:00:00
nvd
nvd
CVE-2024-27316
2024-04-04 20:15:08
CVE-2023-51775
2024-02-29 01:42:05
CVE-2024-5971
2024-07-08 21:15:12
veracode
veracode
Denial Of Service (DoS)
2024-03-05 06:37:59
Memory Exhaustion
2024-04-10 19:25:29
Denial Of Service (DoS)
2024-07-10 08:12:30
almalinux
almalinux
Moderate: mod_http2 security update
2024-04-30 00:00:00
Important: mod_http2 security update
2024-04-18 00:00:00
Important: httpd:2.4/mod_http2 security update
2024-04-11 00:00:00
rocky
rocky
httpd:2.4/mod_http2 security update
2024-05-06 13:04:21
mod_http2 security update
2024-05-10 14:32:42
githubexploit
githubexploit
Exploit for Allocation of Resources Without Limits or Throttling in Apache Http Server
2024-04-17 20:08:05
oraclelinux
oraclelinux
mod_http2 security update
2024-05-07 00:00:00
mod_http2 security update
2024-04-18 00:00:00
httpd:2.4/mod_http2 security update
2024-04-11 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: mod_http2-2.0.27-1.fc40
2024-04-21 01:08:56
[SECURITY] Fedora 39 Update: mod_http2-2.0.27-1.fc39
2024-04-21 01:20:22
[SECURITY] Fedora 38 Update: mod_http2-2.0.27-1.fc38
2024-04-21 02:57:21
alpinelinux
alpinelinux
CVE-2024-27316
2024-04-04 20:15:08
cbl_mariner
cbl_mariner
CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1
2024-08-14 20:43:58
CVE-2024-27316 affecting package httpd for versions less than 2.4.59-1
2024-05-06 17:48:02
hackerone
hackerone
Internet Bug Bounty: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
2024-04-08 20:33:40
amazon
amazon
Important: mod_http2
2024-04-24 22:15:00
Important: httpd24
2024-04-25 16:04:00
f5
f5
K000139214 : Apache httpd vulnerability CVE-2024-27316
2024-04-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0748
2024-04-11 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2024-04-17 00:00:00
slackware
slackware
[slackware-security] httpd
2024-04-04 19:16:44

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8

Confidence

High

JSON
Related for RHSA-2024:4392
nessus49redhat13github3osv15ibm35prion1vulnrichment4debiancve4cvelist4redhatcve4cve4wolfi1cgr1ubuntucve4openvas26redos1nvd4veracode4almalinux3rocky2githubexploit1oraclelinux3fedora3alpinelinux1cbl_mariner2hackerone1amazon2f51photon1ubuntu1slackware1