{ "threat_severity" : "Moderate", "public_date" : "2023-04-18T00:00:00Z", "bugzilla" : { "description" : "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "id" : "2236340", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-770", "details" : [ "Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).", "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state." ], "affected_release" : [ { "product_name" : "OCP-Tools-4.12-RHEL-8", "release_date" : "2024-02-12T00:00:00Z", "advisory" : "RHSA-2024:0778", "cpe" : "cpe:/a:redhat:ocp_tools:4.12::el8", "package" : "jenkins-0:2.426.3.1706515686-3.el8" }, { "product_name" : "Red Hat AMQ Streams 2.5.0", "release_date" : "2023-09-14T00:00:00Z", "advisory" : "RHSA-2023:5165", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7638", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-avro-0:1.11.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7639", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-yasson-0:1.0.11-4.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2023-12-04T00:00:00Z", "advisory" : "RHSA-2023:7637", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "release_date" : "2024-05-28T00:00:00Z", "advisory" : "RHSA-2024:3385", "cpe" : "cpe:/a:redhat:jbosseapxp", "package" : "jetty-server" }, { "product_name" : "Red Hat Single Sign-On 7", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0804", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package" : "jetty-server" }, { "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0798", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package" : "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el7sso" }, { "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0799", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package" : "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el8sso" }, { "product_name" : "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0800", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package" : "rh-sso7-keycloak-0:18.0.12-1.redhat_00001.1.el9sso" }, { "product_name" : "RHEL-8 based Middleware Containers", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0801", "cpe" : "cpe:/a:redhat:rhosemc:1.0::el8", "package" : "rh-sso-7/sso76-openshift-rhel8:7.6-41" }, { "product_name" : "RHINT Camel-Springboot 4.0.0", "release_date" : "2023-10-04T00:00:00Z", "advisory" : "RHSA-2023:5441", "cpe" : "cpe:/a:redhat:camel_spring_boot:4.0.0", "package" : "jetty-server" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Migration Toolkit for Applications 6", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6" }, { "product_name" : "Migration Toolkit for Runtimes", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 3", "fix_state" : "Affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:camel_spring_boot:3" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Out of support scope", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "log4j:2/log4j", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "log4j", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Out of support scope", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Will not fix", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat Integration Camel Quarkus 2", "fix_state" : "Will not fix", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:camel_quarkus:2" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Not affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Out of support scope", "package_name" : "jenkins", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "jenkins", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Out of support scope", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "puppetserver", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Affected", "package_name" : "jetty-server", "cpe" : "cpe:/a:redhat:amq_streams:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-26048\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26048\nhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" ], "name" : "CVE-2023-26048", "csaw" : false }