Explore top 10 tips to secure your open-source projects now. Read More
×
Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must
log in to download the update).
You must restart the JBoss server process for the update to take effect.
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java
applications based on the WildFly application runtime.
This asynchronous patch is a security update for the Undertow package in
Red Hat JBoss Enterprise Application Platform 7.2.
Security Fix(es):
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.
https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/updates/classification#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.2 https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3 https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
An update is now available for Red Hat JBoss Enterprise ApplicationPlatform 7.2.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
Get the latest Linux and open source security news straight to your inbox.