RHSA-2020:2565: Important: EAP Continuous Delivery Technical Preview Release 18 security update
Red Hat JBoss Enterprise Application Platform CD18 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD18 includes bug fixes and enhancements.
Security Fix(es):
jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)
undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2020:2565?
The severity level of RHSA-2020:2565 is classified as important.
How do I fix RHSA-2020:2565?
To fix RHSA-2020:2565, you should update your Red Hat JBoss Enterprise Application Platform to the latest version provided in the advisory.
What components are affected by RHSA-2020:2565?
RHSA-2020:2565 specifically affects the jackson-databind library within the Red Hat JBoss Enterprise Application Platform.
Is RHSA-2020:2565 related to a specific vulnerability?
Yes, RHSA-2020:2565 addresses multiple security vulnerabilities reported in jackson-databind.
When was RHSA-2020:2565 released?
RHSA-2020:2565 was released on December 9, 2020.