Red Hat Security Advisory 2019-0137-01 - This enhancement adds the new Red Hat JBoss Enterprise Application Platform 7.2.0 packages to Red Hat Enterprise Linux 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a broken CVE fix.
3529def62ddfdd2f75732212de3737cc355f6ada568bda61e9b02c28b8c6b924
Red Hat Security Advisory 2019-0136-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.2 on Red Hat Enterprise Linux 6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes, linked to in the References. Issues addressed include a SAML issue.
009e8212baa4ac84b17366baceaa87b1ecb9c62dce83360687fcc185816fab06
Red Hat Security Advisory 2019-0139-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1, and includes bug fixes and enhancements. Issues addressed include a SAML issue.
a0331eb1e181232a6f9a5c59fb170a61d0ae786927ef59209e03b462fd6962a0
Red Hat Security Advisory 2018-2743-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.21 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.20, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
37eda32cb7a191a1c6736b12f198f553328de5c123f33beb2d638d6d58a35666
Red Hat Security Advisory 2018-2740-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.21 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.20, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
23475e644736a8b8e37e99bf17a996c630b0a86e2db467708deff9163097576a
Red Hat Security Advisory 2018-2742-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.21 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.20, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
757eb6d7ef53d8b4aa1d3b8c0a65262e4a00fcb01520e7b36ac2f72873fe456c
Red Hat Security Advisory 2018-2741-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.21 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.20, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.
2c1da3c6948a2290cf9b11d2a4c19ad1e6549d3194cc115d9ab436bb9310d537
Red Hat Security Advisory 2017-3216-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
c6839de8a7da1f314e91840d5a632b506a67a6e3f704330ce58b280c3242fb70
Red Hat Security Advisory 2017-3220-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
e4a78fc5dd316852065b2ffb1f78fd8359e8375e643906abe6ce03614baf20d7
Red Hat Security Advisory 2017-3217-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
642456f59d91ec99fa56c6667d3563e8e85ea2d34721d5ebfd28da86dbaa2c01
Red Hat Security Advisory 2017-3219-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.18. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
4fbc9b62148f904eb99306f68c91d1356ebb1fa47fc1cd572011cf324db88987
Red Hat Security Advisory 2017-3218-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.17, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response.
982adb962a8420d4182204aa1ef9af6c92b8c6ecc8970c607eb72cbcf87ccf48
Red Hat Security Advisory 2017-2809-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
2cd12b03d2f33b5eca8602b894a216c2a22849b1ada1361fa1119aa29110e876
Red Hat Security Advisory 2017-2811-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.8.
4625335874434e605c89b642c9228227df29e49da115ed2ae5344ae66dd9f48c
Red Hat Security Advisory 2017-2808-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
f6590a11f2604542166e3cc7b6db6117e23303732c6aef136befc45deb5384eb
Red Hat Security Advisory 2017-2810-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.
188d12c115cdf70acf53a8c6c015857d0f7f729f6e285cf3d06172bf9b1241d9