{ "threat_severity" : "Important", "public_date" : "2019-09-26T00:00:00Z", "bugzilla" : { "description" : "netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers", "id" : "1758619", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1758619" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-444", "details" : [ "Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling.", "A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling." ], "statement" : "OpenShift Container Platform ships a vulnerable netty library as part of the logging-elasticsearch5 container. ElasticSearch's security team has stated that this vulnerability does not poses a substantial practical threat to ElasticSearch 6 [1]. We agree that this issue would be difficult to exploit these vulnerabilities on OpenShift Container Platform, so we're reducing the impact of this issue to moderate and may fix it in the future release.\nRed Hat Satellite ships vulnerable netty version embedded in Candlepin, however, is not directly vulnerable since HTTP requests are handled by Tomcat and not netty.\n[1] https://github.com/elastic/elasticsearch/issues/49396", "affected_release" : [ { "product_name" : "EAP-CD 19 Tech Preview", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHSA-2020:2333", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd:19", "package" : "netty" }, { "product_name" : "Red Hat AMQ", "release_date" : "2020-03-23T00:00:00Z", "advisory" : "RHSA-2020:0922", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "netty" }, { "product_name" : "Red Hat AMQ 7.4.3", "release_date" : "2020-04-14T00:00:00Z", "advisory" : "RHSA-2020:1445", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "netty" }, { "product_name" : "Red Hat Data Grid 7.3.6", "release_date" : "2020-05-26T00:00:00Z", "advisory" : "RHSA-2020:2321", "cpe" : "cpe:/a:redhat:jboss_data_grid:7.3", "package" : "netty" }, { "product_name" : "Red Hat Decision Manager 7", "release_date" : "2020-07-29T00:00:00Z", "advisory" : "RHSA-2020:3196", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7.8", "package" : "netty" }, { "product_name" : "Red Hat Fuse 7.5.0", "release_date" : "2019-11-14T00:00:00Z", "advisory" : "RHSA-2019:3892", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "netty" }, { "product_name" : "Red Hat Fuse 7.9", "release_date" : "2021-08-11T00:00:00Z", "advisory" : "RHSA-2021:3140", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "karaf-transaction-manager-narayana", "impact" : "low" }, { "product_name" : "Red Hat JBoss EAP 7.2", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0164", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package" : "netty" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2024-08-26T00:00:00Z", "advisory" : "RHSA-2024:5856", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0159", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0160", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-apache-cxf-0:3.2.11-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-glassfish-jsf-0:2.3.5-6.SP3_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hal-console-0:3.0.19-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hibernate-0:5.3.14-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hibernate-validator-0:6.0.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-annotations-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-core-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-databind-0:2.9.10.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-dataformats-binary-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-dataformats-text-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-jaxrs-providers-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-modules-base-0:2.9.10-2.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-modules-java8-0:2.9.10-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jberet-0:1.3.5-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-ejb-client-0:4.0.27-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-3.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-server-migration-0:1.3.1-7.Final_redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-xnio-base-0:3.7.6-3.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-netty-0:4.1.42-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-picketlink-bindings-0:2.5.5-21.SP12_redhat_00010.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-undertow-0:2.0.28-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-undertow-jastow-0:2.0.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-weld-core-0:3.0.6-3.Final_redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-0:7.2.6-5.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-http-client-0:1.0.18-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0161", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Openshift Application Runtimes Vert.x 3.8.3", "release_date" : "2019-11-18T00:00:00Z", "advisory" : "RHSA-2019:3901", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "netty" }, { "product_name" : "Red Hat Process Automation 7", "release_date" : "2020-07-29T00:00:00Z", "advisory" : "RHSA-2020:3197", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8", "package" : "netty" }, { "product_name" : "Red Hat Single Sign-On 7.3", "release_date" : "2020-02-06T00:00:00Z", "advisory" : "RHSA-2020:0445", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.3", "package" : "netty" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Not affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_fuse:6", "impact" : "moderate" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "openshift3/ose-logging-elasticsearch5", "cpe" : "cpe:/a:redhat:openshift:3.11", "impact" : "moderate" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-logging-elasticsearch5", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "moderate" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "candlepin", "cpe" : "cpe:/a:redhat:satellite:6", "impact" : "low" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-16869\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16869" ], "name" : "CVE-2019-16869", "mitigation" : { "value" : "* Use HTTP/2 instead (clear boundaries between requests)\n* Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings", "lang" : "en:us" }, "csaw" : false }