Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:2755
HistoryJul 15, 2021 - 3:21 p.m.

(RHSA-2021:2755) Moderate: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base

2021-07-1515:21:21
access.redhat.com
82

0.166 Low

EPSS

Percentile

96.0%

JSON

These are CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP2 code base.

Security Fix(es):

  • velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)

  • bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  • bouncycastle: Timing issue within the EC math library (CVE-2020-15522)

  • undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)

  • wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)

  • netty: Information disclosure via the local system temporary directory (CVE-2021-21290)

  • netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

  • netty: Request smuggling via content-length header (CVE-2021-21409)

  • wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 26
nessus 33
ibm 22
prion 10
cvelist 10
debiancve 7
osv 16
cve 9
mageia 3
ubuntucve 7
redos 1
veracode 8
openvas 20
github 8
redhatcve 9
debian 1
freebsd 2
cgr 1
gitlab 1
amazon 1
githubexploit 2
atlassian 1
f5 1
redhat
redhat
(RHSA-2021:2210) Moderate: EAP XP 1 security update to CVE fixes in the EAP 7.3.x base
2021-06-02 13:46:47
(RHSA-2021:2051) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.7 security update
2021-05-19 15:14:25
(RHSA-2021:2046) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.7 security update on RHEL 6
2021-05-19 15:09:08
nessus
nessus
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.7 security update on RHEL 7 (Moderate) (RHSA-2021:2047)
2021-05-21 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.7 security update on RHEL 6 (Moderate) (RHSA-2021:2046)
2021-05-20 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.7 security update on RHEL 8 (Moderate) (RHSA-2021:2048)
2021-05-20 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)
2021-06-17 08:12:46
Security Bulletin: Vulnerabilities affect IBM Netcool Agile Service Manager
2021-11-25 08:58:53
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty
2021-06-25 00:35:23
prion
prion
Design/Logic Flaw
2021-03-30 15:15:00
Design/Logic Flaw
2021-02-23 18:15:00
Design/Logic Flaw
2020-12-18 01:15:00
cvelist
cvelist
CVE-2021-21409 Possible request smuggling in HTTP/2 due missing validation of content-length
2021-03-30 15:05:17
CVE-2021-20220
2021-02-23 17:21:44
CVE-2021-20250
2021-05-13 13:35:25
debiancve
debiancve
CVE-2021-21409
2021-03-30 15:15:00
CVE-2021-20220
2021-02-23 18:15:00
CVE-2020-15522
2021-05-20 12:15:00
osv
osv
Possible request smuggling in HTTP/2 due missing validation
2021-03-09 18:49:49
CVE-2021-21409
2021-03-30 15:15:00
CVE-2021-21295
2021-03-09 19:15:12
cve
cve
CVE-2021-21409
2021-03-30 15:15:00
CVE-2021-20220
2021-02-23 18:15:00
CVE-2020-28052
2020-12-18 01:15:00
mageia
mageia
Updated netty packages fix security vulnerabilities
2021-07-27 23:21:53
Updated velocity packages fix security vulnerability
2021-04-12 22:59:59
Updated netty packages fix a security vulnerability
2021-03-15 00:20:42
ubuntucve
ubuntucve
CVE-2021-21409
2021-03-30 00:00:00
CVE-2021-20220
2021-02-23 00:00:00
CVE-2020-15522
2021-05-20 00:00:00
redos
redos
ROS-20220125-11
2022-01-25 00:00:00
veracode
veracode
HTTP Request Smuggling
2021-03-31 04:38:02
Information Disclosure
2021-05-24 02:29:03
Insecure Password Matching
2020-12-18 08:45:52
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0374)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4885-1)
2021-04-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2163-1)
2021-06-27 00:00:00
github
github
HTTP request smuggling in Undertow
2021-06-16 17:47:52
Logic error in Legion of the Bouncy Castle BC Java
2021-04-30 16:14:15
Timing based private key exposure in Bouncy Castle
2021-08-13 15:22:31
redhatcve
redhatcve
CVE-2021-20220
2021-02-04 00:51:57
CVE-2020-15522
2021-05-20 17:45:56
CVE-2020-28052
2021-01-05 14:33:33
debian
debian
[SECURITY] [DSA 4885-1] netty security update
2021-04-05 19:06:20
freebsd
freebsd
bouncycastle15 -- bcrypt password checking vulnerability
2020-11-02 00:00:00
The Bouncy Castle Crypto APIs -- EC math vulnerability
2020-07-04 00:00:00
cgr
cgr
CVE-2020-15522 vulnerabilities
2024-05-19 03:07:16
gitlab
gitlab
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
2021-08-13 00:00:00
amazon
amazon
Important: velocity
2021-07-14 20:45:00
githubexploit
githubexploit
Exploit for CVE-2020-28052
2020-12-19 22:22:45
Exploit for CVE-2020-28052
2021-01-04 17:13:39
atlassian
atlassian
org.apache.velocity Vulnerability in Bitbucket Data Center and Server
2023-09-26 16:12:29
f5
f5
K55834441 : Netty vulnerability CVE-2021-21295
2021-10-01 00:00:00

0.166 Low

EPSS

Percentile

96.0%

JSON
Related for RHSA-2021:2755
redhat26nessus33ibm22prion10cvelist10debiancve7osv16cve9mageia3ubuntucve7redos1veracode8openvas20github8redhatcve9debian1freebsd2cgr1gitlab1amazon1githubexploit2atlassian1f51