ID

VAR-202005-0022


CVE

CVE-2020-10719


TITLE

Undertow In HTTP Request Smagling Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-005881

DESCRIPTION

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. Undertow To HTTP There is a vulnerability related to Request Smagling.Information may be obtained and tampered with. Red Hat Undertow is a Java-based embedded Web server of American Red Hat (Red Hat) Company and the default Web server of Wildfly (Java Application Server). Red Hat Undertow 2.1.1.Final version has an environmental problem vulnerability. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Security Fix(es): * hawtio-osgi (CVE-2017-5645) * prometheus-jmx-exporter: snakeyaml (CVE-2017-18640) * apache-commons-compress (CVE-2019-12402) * karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445) * tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996) * spring-cloud-config-server (CVE-2020-5410) * velocity (CVE-2020-13936) * httpclient: apache-httpclient (CVE-2020-13956) * shiro-core: shiro (CVE-2020-17510) * hibernate-core (CVE-2020-25638) * wildfly-openssl (CVE-2020-25644) * jetty (CVE-2020-27216, CVE-2021-28165) * bouncycastle (CVE-2020-28052) * wildfly (CVE-2019-14887, CVE-2020-25640) * resteasy-jaxrs: resteasy (CVE-2020-1695) * camel-olingo4 (CVE-2020-1925) * springframework (CVE-2020-5421) * jsf-impl: Mojarra (CVE-2020-6950) * resteasy (CVE-2020-10688) * hibernate-validator (CVE-2020-10693) * wildfly-elytron (CVE-2020-10714) * undertow (CVE-2020-10719) * activemq (CVE-2020-13920) * cxf-core: cxf (CVE-2020-13954) * fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040) * jboss-ejb-client: wildfly (CVE-2020-14297) * xercesimpl: wildfly (CVE-2020-14338) * xnio (CVE-2020-14340) * flink: apache-flink (CVE-2020-17518) * resteasy-client (CVE-2020-25633) * xstream (CVE-2020-26258) * mybatis (CVE-2020-26945) * pdfbox (CVE-2021-27807, CVE-2021-27906) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/ 4. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. Summary: This is a security update for JBoss EAP Continuous Delivery 20. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update Advisory ID: RHSA-2020:2511-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2511 Issue date: 2020-06-10 CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 CVE-2020-10719 ==================================================================== 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * cxf: reflected XSS in the services listing page (CVE-2019-17573) * cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757) * jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729) * resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688) * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840) * undertow: invalid HTTP request with large chunk size (CVE-2020-10719) * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546) * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547) * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548) * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745) * libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205) * libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887) * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950) * jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6 JBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2018-14371 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1729 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8 XOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3 YaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR fhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q ol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA X1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W hBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe EfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO kCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p P6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI y2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN uvhlMQF+ipU=W6+1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.79

sources: NVD: CVE-2020-10719 // JVNDB: JVNDB-2020-005881 // CNVD: CNVD-2020-35679 // VULMON: CVE-2020-10719 // PACKETSTORM: 163798 // PACKETSTORM: 157642 // PACKETSTORM: 157640 // PACKETSTORM: 159015 // PACKETSTORM: 158037 // PACKETSTORM: 158047

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-35679

AFFECTED PRODUCTS

vendor:redhatmodel:openshift application runtimesscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.4

Trust: 1.0

vendor:redhatmodel:fusescope:eqversion:1.0

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.3

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:ltversion:7.3.13

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:7.2

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:single sign-onscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:undertowscope:ltversion:2.1.1

Trust: 1.0

vendor:red hatmodel:undertowscope:eqversion:2.1.1

Trust: 0.8

vendor:redmodel:hat undertow <2.1.1.finalscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-35679 // JVNDB: JVNDB-2020-005881 // NVD: CVE-2020-10719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10719
value: MEDIUM

Trust: 1.0

secalert@redhat.com: CVE-2020-10719
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005881
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-35679
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-237
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-10719
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005881
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-35679
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10719
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-005881
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-35679 // JVNDB: JVNDB-2020-005881 // CNNVD: CNNVD-202005-237 // NVD: CVE-2020-10719 // NVD: CVE-2020-10719

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.8

sources: JVNDB: JVNDB-2020-005881 // NVD: CVE-2020-10719

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 163798 // PACKETSTORM: 159015 // CNNVD: CNNVD-202005-237

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-202005-237

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005881

PATCH

title:Bug 1828459url:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

Trust: 0.8

title:Patch for Red Hat Undertow Environmental Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/224079

Trust: 0.6

title:Red Hat Undertow Remediation measures for environmental problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119577

Trust: 0.6

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 6 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202058 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 8 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202060 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.8 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202061 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 7 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202059 - Security Advisory

Trust: 0.1

sources: CNVD: CNVD-2020-35679 // VULMON: CVE-2020-10719 // JVNDB: JVNDB-2020-005881 // CNNVD: CNNVD-202005-237

EXTERNAL IDS

db:NVDid:CVE-2020-10719

Trust: 3.7

db:JVNDBid:JVNDB-2020-005881

Trust: 0.8

db:PACKETSTORMid:163798

Trust: 0.7

db:PACKETSTORMid:157642

Trust: 0.7

db:PACKETSTORMid:159015

Trust: 0.7

db:CNVDid:CNVD-2020-35679

Trust: 0.6

db:PACKETSTORMid:158048

Trust: 0.6

db:PACKETSTORMid:158532

Trust: 0.6

db:PACKETSTORMid:158282

Trust: 0.6

db:AUSCERTid:ESB-2020.2536

Trust: 0.6

db:AUSCERTid:ESB-2021.2731

Trust: 0.6

db:AUSCERTid:ESB-2020.1659

Trust: 0.6

db:AUSCERTid:ESB-2020.2287

Trust: 0.6

db:AUSCERTid:ESB-2020.2050

Trust: 0.6

db:AUSCERTid:ESB-2020.2042

Trust: 0.6

db:AUSCERTid:ESB-2020.2992

Trust: 0.6

db:NSFOCUSid:47934

Trust: 0.6

db:CNNVDid:CNNVD-202005-237

Trust: 0.6

db:VULMONid:CVE-2020-10719

Trust: 0.1

db:PACKETSTORMid:157640

Trust: 0.1

db:PACKETSTORMid:158037

Trust: 0.1

db:PACKETSTORMid:158047

Trust: 0.1

sources: CNVD: CNVD-2020-35679 // VULMON: CVE-2020-10719 // JVNDB: JVNDB-2020-005881 // PACKETSTORM: 163798 // PACKETSTORM: 157642 // PACKETSTORM: 157640 // PACKETSTORM: 159015 // PACKETSTORM: 158037 // PACKETSTORM: 158047 // CNNVD: CNNVD-202005-237 // NVD: CVE-2020-10719

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-10719

Trust: 2.0

url:https://access.redhat.com/security/cve/cve-2020-10719

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20220210-0014/

Trust: 1.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2020-10719

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10719

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2050/

Trust: 0.6

url:https://packetstormsecurity.com/files/157642/red-hat-security-advisory-2020-2058-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/158532/red-hat-security-advisory-2020-2905-01.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47934

Trust: 0.6

url:https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2042/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2992/

Trust: 0.6

url:https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2287/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2536/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2731

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1659/

Trust: 0.6

url:https://packetstormsecurity.com/files/163798/red-hat-security-advisory-2021-3140-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/red-hat-jboss-enterprise-application-platform-seven-vulnerabilities-32233

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-10172

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-10172

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-6950

Trust: 0.4

url:https://issues.jboss.org/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17573

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-1745

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17573

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-7226

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1729

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1757

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-1729

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-7226

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-12423

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12423

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1745

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-1757

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-10688

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14887

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1695

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-10688

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-1695

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14887

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1719

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-1719

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10705

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-10705

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-6950

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-14371

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-14371

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:2058

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10714

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10714

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1732

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1732

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9547

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9546

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9547

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0210

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-0205

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9548

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0210

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9548

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9546

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8840

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-0205

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13936

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17510

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13920

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3140

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13920

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5410

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27216

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14297

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14338

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10693

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12402

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12402

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25638

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14340

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.9.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14297

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17510

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27807

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25633

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26945

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25644

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13936

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5421

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20445

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28052

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10693

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13935

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2061

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10740

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3585

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xeap-cd&version

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14900

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10683

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10683

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10740

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1954

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10673

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2511

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2513

Trust: 0.1

sources: CNVD: CNVD-2020-35679 // VULMON: CVE-2020-10719 // JVNDB: JVNDB-2020-005881 // PACKETSTORM: 163798 // PACKETSTORM: 157642 // PACKETSTORM: 157640 // PACKETSTORM: 159015 // PACKETSTORM: 158037 // PACKETSTORM: 158047 // CNNVD: CNNVD-202005-237 // NVD: CVE-2020-10719

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 163798 // PACKETSTORM: 157642 // PACKETSTORM: 157640 // PACKETSTORM: 159015 // PACKETSTORM: 158037 // PACKETSTORM: 158047 // CNNVD: CNNVD-202005-237

SOURCES

db:CNVDid:CNVD-2020-35679
db:VULMONid:CVE-2020-10719
db:JVNDBid:JVNDB-2020-005881
db:PACKETSTORMid:163798
db:PACKETSTORMid:157642
db:PACKETSTORMid:157640
db:PACKETSTORMid:159015
db:PACKETSTORMid:158037
db:PACKETSTORMid:158047
db:CNNVDid:CNNVD-202005-237
db:NVDid:CVE-2020-10719

LAST UPDATE DATE

2024-11-20T21:24:37.119000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-35679date:2020-07-01T00:00:00
db:VULMONid:CVE-2020-10719date:2020-05-29T00:00:00
db:JVNDBid:JVNDB-2020-005881date:2020-06-24T00:00:00
db:CNNVDid:CNNVD-202005-237date:2022-03-10T00:00:00
db:NVDid:CVE-2020-10719date:2023-11-07T03:14:16.723

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-35679date:2020-07-01T00:00:00
db:VULMONid:CVE-2020-10719date:2020-05-26T00:00:00
db:JVNDBid:JVNDB-2020-005881date:2020-06-24T00:00:00
db:PACKETSTORMid:163798date:2021-08-12T15:42:56
db:PACKETSTORMid:157642date:2020-05-11T21:14:33
db:PACKETSTORMid:157640date:2020-05-11T21:14:15
db:PACKETSTORMid:159015date:2020-08-31T16:22:15
db:PACKETSTORMid:158037date:2020-06-11T16:34:17
db:PACKETSTORMid:158047date:2020-06-11T16:36:11
db:CNNVDid:CNNVD-202005-237date:2020-05-06T00:00:00
db:NVDid:CVE-2020-10719date:2020-05-26T16:15:12.180