RHSA-2020:0961: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

Security Fix(es):

- The 'enabled-protocols' value in legacy security is not respected if the OpenSSL security provider is in use (CVE-2019-14887)
- libthrift: thrift: Endless loop when fed specific input data (CVE-2019-0205)
- libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
- undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2020:0961?
The severity of RHSA-2020:0961 is classified as moderate due to the impact of the insecure handling of enabled protocols.
How do I fix RHSA-2020:0961?
To fix RHSA-2020:0961, you should apply the latest updates provided by Red Hat for JBoss Enterprise Application Platform 7.
What vulnerability does RHSA-2020:0961 address?
RHSA-2020:0961 addresses the vulnerability where the 'enabled-protocols' value is not respected when using the OpenSSL security provider (CVE-2019-14887).
Which versions of JBoss are affected by RHSA-2020:0961?
RHSA-2020:0961 affects Red Hat JBoss Enterprise Application Platform 7 when OpenSSL is used as the security provider.
Is there a workaround for RHSA-2020:0961?
There is no officially recommended workaround for RHSA-2020:0961; applying the updates is the preferred resolution.
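The advisory's first fix (CVE-2019-14887) and the FAQ entry above describe a configuration that is silently not enforced: the 'enabled-protocols' list says one thing, the TLS endpoint negotiates another. The only way to know which protocol versions a server really accepts is to ask it, one handshake per version. The following Go program is an added example written for this page, not Red Hat or WildFly code. It spins up a constructed local TLS listener with a chosen real protocol floor, probes it once per TLS version, and compares what was accepted against the intended enabled-protocols policy; the self-signed certificate and the 127.0.0.1 listener are constructed for the demonstration, and the policy list is an assumed example. Against a server you administer, you would point ProbeProtocols at its address instead of the local listener.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"sort"
	"time"
)

// versionNames maps TLS protocol numbers to the names used in an enabled-protocols list.
var versionNames = map[uint16]string{
	tls.VersionTLS10: "TLSv1",
	tls.VersionTLS11: "TLSv1.1",
	tls.VersionTLS12: "TLSv1.2",
	tls.VersionTLS13: "TLSv1.3",
}

// versionByName is the reverse lookup; an unknown name yields 0 (Go's default floor).
func versionByName(name string) uint16 {
	for v, n := range versionNames {
		if n == name {
			return v
		}
	}
	return 0
}

// selfSignedCert builds a throwaway RSA certificate for the local demo listener
// (constructed here for the example; not a production identity).
func selfSignedCert() (tls.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// startServer runs a local TLS listener whose *real* protocol floor is minVersion.
// It stands in for an application server whose effective protocol set may differ
// from the enabled-protocols value the administrator configured.
func startServer(minVersion string) (string, func(), error) {
	cert, err := selfSignedCert()
	if err != nil {
		return "", nil, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   versionByName(minVersion),
		MaxVersion:   tls.VersionTLS13,
	})
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				c.(*tls.Conn).Handshake() // complete (or reject) the handshake, then drop the connection
				c.Close()
			}(c)
		}
	}()
	return ln.Addr().String(), func() { ln.Close() }, nil
}

// ProbeProtocols attempts one handshake per TLS version, pinning the client's minimum
// and maximum to that single version, and records which versions the server accepts.
func ProbeProtocols(addr string) map[string]bool {
	accepted := make(map[string]bool)
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	for v, name := range versionNames {
		cfg := &tls.Config{
			MinVersion:         v,
			MaxVersion:         v,
			InsecureSkipVerify: true, // the probe checks version negotiation only, not the chain
		}
		conn, err := tls.DialWithDialer(dialer, "tcp", addr, cfg)
		if err != nil {
			accepted[name] = false
			continue
		}
		conn.Close()
		accepted[name] = true
	}
	return accepted
}

// Violations returns, sorted, the versions the server accepted even though they are
// absent from the intended enabled-protocols list: exactly the class of drift CVE-2019-14887 describes.
func Violations(enabled []string, observed map[string]bool) []string {
	wanted := make(map[string]bool, len(enabled))
	for _, n := range enabled {
		wanted[n] = true
	}
	var out []string
	for name, ok := range observed {
		if ok && !wanted[name] {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	policy := []string{"TLSv1.2", "TLSv1.3"} // assumed intended enabled-protocols value
	// A listener whose floor is TLSv1 models the advisory's failure mode: the configured
	// policy says TLSv1.2+, but the endpoint still negotiates the older versions.
	addr, stop, err := startServer("TLSv1")
	if err != nil {
		panic(err)
	}
	defer stop()
	observed := ProbeProtocols(addr)
	fmt.Println("observed:", observed)
	fmt.Println("accepted despite policy:", Violations(policy, observed))
}
```

Run this before and after applying the update: a patched endpoint with enabled-protocols set to TLSv1.2 and TLSv1.3 should produce an empty violation list, while an endpoint that still accepts TLSv1 or TLSv1.1 is not honouring its configuration regardless of what the XML says.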