RHEL 9: Red Hat JBoss Enterprise Application Platform 7.4.20 安全更新(中等)(RHSA-2024:10929)
high Nessus 插件 ID 213075
语言:
简介
远程 Red Hat 主机缺少安全更新。描述
远程 Redhat Enterprise Linux 9 主机上安装的多个程序包受到 RHSA-2024:10929 公告中提及的一个漏洞影响。Red Hat JBoss Enterprise Application Platform 7 是基于 WildFly 应用程序运行时的 Java 应用程序平台。此 Red Hat JBoss Enterprise Application Platform 7.4.20 版本用于替换 Red Hat JBoss Enterprise Application Platform 7.4.19,并包含缺陷修复和多项增强。请参阅 Red Hat JBoss Enterprise Application Platform 7.4.20 版本说明以获取有关此版本最重要的缺陷修复和增强功能信息。
安全修复:
* UNDERTOW-2511- 通过 HTTP/2 请求标头重用导致的信息泄漏 [eap-7.4.z] (CVE-2024-4109)
有关上述安全问题的更多详细信息,包括其影响、CVSS 得分、致谢,以及其他相关信息,请参阅列于“参考”部分的 CVE 页面。
Tenable 已直接从 Red Hat Enterprise Linux 安全公告中提取上述描述块。
请注意,Nessus 尚未测试此问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
更新受影响的程序包。另见
https://access.redhat.com/security/updates/classification/#moderate
http://www.nessus.org/u?c7aafbf8
http://www.nessus.org/u?31eae5d2
https://bugzilla.redhat.com/show_bug.cgi?id=2272325
https://issues.redhat.com/browse/JBEAP-27639
https://issues.redhat.com/browse/JBEAP-27647
https://issues.redhat.com/browse/JBEAP-28050
https://issues.redhat.com/browse/JBEAP-28107
https://issues.redhat.com/browse/JBEAP-28132
https://issues.redhat.com/browse/JBEAP-28183
https://issues.redhat.com/browse/JBEAP-28192
https://issues.redhat.com/browse/JBEAP-28238
https://issues.redhat.com/browse/JBEAP-28263
https://issues.redhat.com/browse/JBEAP-28267
https://issues.redhat.com/browse/JBEAP-28268
https://issues.redhat.com/browse/JBEAP-28270
https://issues.redhat.com/browse/JBEAP-28277
插件详情
严重性: High
ID: 213075
文件名: redhat-RHSA-2024-10929.nasl
版本: 1.1
类型: local
代理: unix
发布时间: 2024/12/17
最近更新时间: 2024/12/17
支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
风险信息
Vendor
Vendor Severity: Moderate
CVSS v2
风险因素: High
基本分数: 7.8
时间分数: 5.8
矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS 分数来源: CVE-2024-4109
CVSS v3
风险因素: High
基本分数: 7.5
时间分数: 6.5
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE: p-cpe:/a:redhat:enterprise_linux:eap7-resteasy, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk17, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider, p-cpe:/a:redhat:enterprise_linux:eap7-log4j-jboss-logmanager, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi, p-cpe:/a:redhat:enterprise_linux:eap7-woodstox-core, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-core, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-remoting, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-jaxen, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-byte-buddy, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis, p-cpe:/a:redhat:enterprise_linux:eap7-jbossws-cxf, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-cli, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client
必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
易利用性: No known exploits are available
补丁发布日期: 2024/12/11
漏洞发布日期: 2024/12/11
参考资料信息
CVE: CVE-2024-4109
CWE: 200
RHSA: 2024:10929