RHEL 8:Red Hat JBoss Enterprise Application Platform 7.3.1 安全更新(重要)(RHSA-2020: 2513)
critical Nessus 插件 ID 137334
语言:
简介
远程 Red Hat 主机缺少一个或多个安全更新。描述
远程 Redhat Enterprise Linux 8 主机上安装的程序包受到 RHSA-2020: 2513 公告中提及的多个漏洞的影响。- CVE-2020-6950 Mojarra:loc 参数或 con 参数导致的路径遍历,CVE-2018-14371 的不完整修复
- thrift:当源具有特定输入数据时,存在无限循环 (CVE-2019-0205)
- thrift:与 TJSONProtocol 或 TSimpleJSONProtocol 相关的越界读取 (CVE-2019-0210)
- jackson-mapper-asl:XML 外部实体类似于 CVE-2016-3720 (CVE-2019-10172)
- cxf:OpenId Connect 令牌服务未正确验证 clientId (CVE-2019-12423)
- wildfly:如果 OpenSSL 安全提供程序在使用中,则不遵从旧版安全提供程序中的“enabled-protocols”值 (CVE-2019-14887)
- cxf:服务清单页面存在反射型 XSS (CVE-2019-17573)
- RESTEasy:RESTEasy 中的 RESTEASY003870 异常可导致反射型 XSS 攻击 (CVE-2020-10688)
- undertow:可通过 Expect: 100-continue 标头在 HttpReadListener 中造成内存耗尽问题 (CVE-2020-10705)
- undertow:具有大区块大小的无效 HTTP 请求 (CVE-2020-10719)
- resteasy:未正确验证 MediaTypeHeaderDelegate.java 类中的响应标头 (CVE-2020-1695)
- wildfly:使用其他安全域调用另一个 EJB 之后,EJBContext 主体未能弹出 (CVE-2020-1719)
- SmallRye:SecuritySupport 类遭错误公开,且包含用于访问当前线程环境类加载器的静态方法 (CVE-2020-1729)
- undertow:AJP 文件读取/注入漏洞 (CVE-2020-1745)
- undertow:servletPath 未经正确标准化,因此会造成危险的应用程序映射,这可能会导致安全绕过 (CVE-2020-1757)
- Mojarra:loc 参数或 con 参数导致的路径遍历,CVE-2018-14371 的不完整修复 (CVE-2020-6950)
- cryptacular:解码时发生内存分配过度 (CVE-2020-7226)
- jackson-databind:缺少特定 xbean-reflect/JNDI 阻断 (CVE-2020-8840)
- jackson-databind:shaded-hikari-config 中的序列化小工具 (CVE-2020-9546)
- jackson-databind:ibatis-sqlmap 中的序列化小工具 (CVE-2020-9547)
- jackson-databind:anteros-core 中的序列化小工具 (CVE-2020-9548)
请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
更新受影响的程序包。另见
http://www.nessus.org/u?34e23b20
http://www.nessus.org/u?39676da8
http://www.nessus.org/u?c780013e
https://access.redhat.com/errata/RHSA-2020:2513
https://bugzilla.redhat.com/show_bug.cgi?id=1607709
https://bugzilla.redhat.com/show_bug.cgi?id=1715075
https://bugzilla.redhat.com/show_bug.cgi?id=1730462
https://bugzilla.redhat.com/show_bug.cgi?id=1752770
https://bugzilla.redhat.com/show_bug.cgi?id=1764607
https://bugzilla.redhat.com/show_bug.cgi?id=1764612
https://bugzilla.redhat.com/show_bug.cgi?id=1772008
https://bugzilla.redhat.com/show_bug.cgi?id=1797006
https://bugzilla.redhat.com/show_bug.cgi?id=1797011
https://bugzilla.redhat.com/show_bug.cgi?id=1801380
https://bugzilla.redhat.com/show_bug.cgi?id=1802444
https://bugzilla.redhat.com/show_bug.cgi?id=1805006
https://bugzilla.redhat.com/show_bug.cgi?id=1807305
https://bugzilla.redhat.com/show_bug.cgi?id=1814974
https://bugzilla.redhat.com/show_bug.cgi?id=1816330
https://bugzilla.redhat.com/show_bug.cgi?id=1816332
https://bugzilla.redhat.com/show_bug.cgi?id=1816337
https://bugzilla.redhat.com/show_bug.cgi?id=1816340
https://bugzilla.redhat.com/show_bug.cgi?id=1828459
https://issues.redhat.com/browse/JBEAP-16114
https://issues.redhat.com/browse/JBEAP-18060
https://issues.redhat.com/browse/JBEAP-18163
https://issues.redhat.com/browse/JBEAP-18221
https://issues.redhat.com/browse/JBEAP-18240
https://issues.redhat.com/browse/JBEAP-18241
https://issues.redhat.com/browse/JBEAP-18273
https://issues.redhat.com/browse/JBEAP-18277
https://issues.redhat.com/browse/JBEAP-18288
https://issues.redhat.com/browse/JBEAP-18294
https://issues.redhat.com/browse/JBEAP-18302
https://issues.redhat.com/browse/JBEAP-18315
https://issues.redhat.com/browse/JBEAP-18346
https://issues.redhat.com/browse/JBEAP-18352
https://issues.redhat.com/browse/JBEAP-18361
https://issues.redhat.com/browse/JBEAP-18367
https://issues.redhat.com/browse/JBEAP-18393
https://issues.redhat.com/browse/JBEAP-18399
https://issues.redhat.com/browse/JBEAP-18409
https://issues.redhat.com/browse/JBEAP-18527
https://issues.redhat.com/browse/JBEAP-18528
https://issues.redhat.com/browse/JBEAP-18596
https://issues.redhat.com/browse/JBEAP-18598
https://issues.redhat.com/browse/JBEAP-18640
https://issues.redhat.com/browse/JBEAP-18653
https://issues.redhat.com/browse/JBEAP-18706
https://issues.redhat.com/browse/JBEAP-18770
https://issues.redhat.com/browse/JBEAP-18775
https://issues.redhat.com/browse/JBEAP-18788
https://issues.redhat.com/browse/JBEAP-18790
https://issues.redhat.com/browse/JBEAP-18818
https://issues.redhat.com/browse/JBEAP-18836
https://issues.redhat.com/browse/JBEAP-18850
https://issues.redhat.com/browse/JBEAP-18870
https://issues.redhat.com/browse/JBEAP-18875
https://issues.redhat.com/browse/JBEAP-18876
https://issues.redhat.com/browse/JBEAP-18877
https://issues.redhat.com/browse/JBEAP-18878
https://issues.redhat.com/browse/JBEAP-18879
https://issues.redhat.com/browse/JBEAP-18929
https://issues.redhat.com/browse/JBEAP-18990
https://issues.redhat.com/browse/JBEAP-18991
https://issues.redhat.com/browse/JBEAP-19035
https://issues.redhat.com/browse/JBEAP-19054
https://issues.redhat.com/browse/JBEAP-19066
https://issues.redhat.com/browse/JBEAP-19117
https://issues.redhat.com/browse/JBEAP-19133
https://issues.redhat.com/browse/JBEAP-19156
https://issues.redhat.com/browse/JBEAP-19181
https://issues.redhat.com/browse/JBEAP-19192
https://issues.redhat.com/browse/JBEAP-19232
https://issues.redhat.com/browse/JBEAP-19281
https://issues.redhat.com/browse/JBEAP-19456
https://access.redhat.com/security/updates/classification/#important
插件详情
严重性: Critical
ID: 137334
文件名: redhat-RHSA-2020-2513.nasl
版本: 1.11
类型: local
代理: unix
发布时间: 2020/6/11
最近更新时间: 2024/4/28
支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
风险信息
VPR
风险因素: Medium
分数: 6.7
CVSS v2
风险因素: High
基本分数: 7.5
时间分数: 5.9
矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 分数来源: CVE-2020-8840
CVSS v3
风险因素: Critical
基本分数: 9.8
时间分数: 8.8
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:P/RL:O/RC:C
CVSS 分数来源: CVE-2020-9548
漏洞信息
CPE: p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-mail, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-pkix, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-prov, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator, p-cpe:/a:redhat:enterprise_linux:eap7-istack-commons-runtime, p-cpe:/a:redhat:enterprise_linux:eap7-istack-commons-tools, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-annotations, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-core, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jdk8, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-datatype-jsr310, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-base, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-json-provider, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-jaxrs-providers, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-module-jaxb-annotations, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-base, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-modules-java8, p-cpe:/a:redhat:enterprise_linux:eap7-jaegertracing-jaeger-client-java, p-cpe:/a:redhat:enterprise_linux:eap7-jaegertracing-jaeger-client-java-core, p-cpe:/a:redhat:enterprise_linux:eap7-jaegertracing-jaeger-client-java-thrift, p-cpe:/a:redhat:enterprise_linux:eap7-jakarta-el, p-cpe:/a:redhat:enterprise_linux:eap7-jandex, p-cpe:/a:redhat:enterprise_linux:eap7-jasypt, p-cpe:/a:redhat:enterprise_linux:eap7-jaxb-jxc, p-cpe:/a:redhat:enterprise_linux:eap7-jaxb-runtime, p-cpe:/a:redhat:enterprise_linux:eap7-jaxb-xjc, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-genericjms, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-jsf-api_2.3_spec, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-modules, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting-jmx, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.3, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2-to-eap7.3, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.3-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly13.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly14.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly15.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly16.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly17.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly18.0-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-vfs, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-weld-3.1-api, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-weld-3.1-api-weld-api, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-weld-3.1-api-weld-spi, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-config, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-config-api, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-health, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-metrics, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-metrics-api, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-opentracing, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-opentracing-api, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-rest-client, p-cpe:/a:redhat:enterprise_linux:eap7-microprofile-rest-client-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-core, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-profile-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-saml-api, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc, p-cpe:/a:redhat:enterprise_linux:eap7-codemodel, p-cpe:/a:redhat:enterprise_linux:eap7-cryptacular, p-cpe:/a:redhat:enterprise_linux:eap7-elytron-web, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jaxb, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf, p-cpe:/a:redhat:enterprise_linux:eap7-hal-console, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod, p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-saml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-security-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-security-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-soap-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-saml-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-saml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xmlsec-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xmlsec-impl, p-cpe:/a:redhat:enterprise_linux:eap7-picketbox, p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8, p-cpe:/a:redhat:enterprise_linux:eap7-relaxng-datatype, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client-microprofile, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider, p-cpe:/a:redhat:enterprise_linux:eap7-rngom, p-cpe:/a:redhat:enterprise_linux:eap7-slf4j-jboss-logmanager, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-config, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-health, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-metrics, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-opentracing, p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml, p-cpe:/a:redhat:enterprise_linux:eap7-stax2-api, p-cpe:/a:redhat:enterprise_linux:eap7-sun-istack-commons, p-cpe:/a:redhat:enterprise_linux:eap7-txw2, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-undertow-server, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf, p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb, p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta, p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core, p-cpe:/a:redhat:enterprise_linux:eap7-weld-web, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-naming-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client, p-cpe:/a:redhat:enterprise_linux:eap7-woodstox-core, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-policy, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-common, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-dom, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-policy-stax, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-stax, p-cpe:/a:redhat:enterprise_linux:eap7-xsom
必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
可利用: true
易利用性: Exploits are available
补丁发布日期: 2020/6/11
漏洞发布日期: 2018/7/18
参考资料信息
CVE: CVE-2018-14371, CVE-2019-0205, CVE-2019-0210, CVE-2019-10172, CVE-2019-12423, CVE-2019-14887, CVE-2019-17573, CVE-2020-10688, CVE-2020-10705, CVE-2020-10719, CVE-2020-1695, CVE-2020-1719, CVE-2020-1729, CVE-2020-1745, CVE-2020-1757, CVE-2020-6950, CVE-2020-7226, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548