{ "threat_severity" : "Important", "public_date" : "2020-01-20T12:00:00Z", "bugzilla" : { "description" : "undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS", "id" : "1772464", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1772464" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.", "A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL." ], "acknowledgement" : "Red Hat would like to thank Henning Baldersheim (Verizon Media) and HÃ¥vard Pettersen (Verizon Media) for reporting this issue.", "affected_release" : [ { "product_name" : "EAP-CD 19 Tech Preview", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHSA-2020:2333", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd:19", "package" : "undertow" }, { "product_name" : "Red Hat Data Grid 7.3.5", "release_date" : "2020-03-05T00:00:00Z", "advisory" : "RHSA-2020:0729", "cpe" : "cpe:/a:redhat:jboss_data_grid:7.3", "package" : "undertow" }, { "product_name" : "Red Hat Fuse 7.7.0", "release_date" : "2020-07-28T00:00:00Z", "advisory" : "RHSA-2020:3192", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "undertow" }, { "product_name" : "Red Hat JBoss EAP 7.2", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0164", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package" : "undertow-core" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2024-08-26T00:00:00Z", "advisory" : "RHSA-2024:5856", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Runtimes Spring Boot 2.1.13", "release_date" : "2020-06-04T00:00:00Z", "advisory" : "RHSA-2020:2367", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "undertow" }, { "product_name" : "Red Hat Single Sign-On 7.3", "release_date" : "2020-02-06T00:00:00Z", "advisory" : "RHSA-2020:0445", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.3" }, { "product_name" : "Text-Only RHOAR", "release_date" : "2020-05-18T00:00:00Z", "advisory" : "RHSA-2020:2067", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "package_state" : [ { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "undertow", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Affected", "package_name" : "undertow", "cpe" : "cpe:/a:redhat:jboss_fuse:6", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "undertow", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "undertow", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Affected", "package_name" : "undertow", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat support for Spring Boot", "fix_state" : "Affected", "package_name" : "undertow", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14888\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14888" ], "name" : "CVE-2019-14888", "mitigation" : { "value" : "Enable HTTP2 (enable-http2=\"true\") in the undertow's HTTPS settings.", "lang" : "en:us" }, "csaw" : false }