Moderate Red Hat JBoss Enterprise Application Platform security update
-----BEGIN PGP SIGNED MESSAGE-----
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform security update
Advisory ID: RHSA-2017:0830-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0830.html
Issue date: 2017-03-22
CVE Names: CVE-2016-9589
An update is now available for Red Hat JBoss Enterprise Application
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves
as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4,
and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
* It was found that JBoss EAP 7 Header Cache was inefficient. An attacker
could use this flaw to cause a denial of service attack. (CVE-2016-9589)
Red Hat would like to thank Gabriel Lavoie (Halogen Software) for reporting
Before applying this update, back up your existing Red Hat JBoss Enterprise
Application Platform installation and deployed applications.
The References section of this erratum contains a download link (you must
log in to download the update).
4. Bugs fixed (https://bugzilla.redhat.com/):
1404782 - CVE-2016-9589 wildfly: ParseState headerValuesCache can be exploited to fill heap with garbage
The Red Hat security contact is <secalert redhat com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----