Threats Tagged 'cve-2024-29025'

Red Hat JBoss Enterprise Application Platform 8. 0. 3 includes multiple security fixes addressing vulnerabilities such as SSRF in Apache CXF, a timing attack variant in BouncyCastle, resource allocation issues in Netty, infinite loops in ED25519 verification, and denial of service via crafted EC certificates. These vulnerabilities affect the Java application platform based on WildFly runtime and have been rated with an overall security impact of Important by Red Hat. The update replaces version 8. 0. 2 and includes bug fixes and enhancements alongside security patches. No known exploits in the wild have been reported at this time.

Red Hat JBoss Enterprise Application Platform 8. 0. 3 includes multiple security fixes addressing vulnerabilities such as SSRF in Apache CXF, resource allocation issues in Netty, and several cryptographic flaws in BouncyCastle. These vulnerabilities could lead to denial of service, timing attacks, or server-side request forgery. The update replaces version 8. 0. 2 and is rated with an important security impact by Red Hat. No known exploits in the wild have been reported at this time.

Red Hat JBoss Enterprise Application Platform 8. 0. 3 includes multiple security fixes addressing vulnerabilities such as SSRF in Apache CXF, resource allocation issues in Netty, timing attacks and denial of service in BouncyCastle cryptographic libraries, and infinite loops during ED25519 verification. These vulnerabilities affect the platform's core components and cryptographic operations. The update replaces version 8. 0. 2 and is rated as having an important security impact by Red Hat. No known exploits in the wild have been reported. Users are advised to apply the update following Red Hat's guidance to mitigate these issues.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS), timing attacks on cryptographic libraries, infinite loops causing DoS, and resource allocation issues. These vulnerabilities affect components including Undertow, BouncyCastle, Netty, and HTTP/2 handling. The update replaces version 7. 4. 17 and is rated with an Important security impact by Red Hat. No CVSS scores are provided in the advisory, but the overall severity is high. The vendor has released this update to remediate the identified issues.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 addresses multiple security vulnerabilities affecting components such as Undertow, BouncyCastle, Netty, and HTTP/2 handling. These vulnerabilities include remote memory denial of service (DoS) attacks, infinite loops causing DoS, resource allocation without limits, and timing attacks on cryptographic operations. The update replaces version 7. 4. 17 and includes fixes for seven CVEs, including CVE-2024-3653. Red Hat has released this update as an important security advisory and recommends applying it after ensuring all previous errata are installed and backing up existing installations.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS) via the LearningPushHandler, timing attacks on BouncyCastle cryptographic library, infinite loops causing DoS in cryptographic verification, and HTTP/2 CONTINUATION frame DoS. These issues affect components like undertow, BouncyCastle, netty-codec-http, and httpd within the platform. The update replaces version 7. 4. 17 and provides important security improvements to mitigate these vulnerabilities.

Red Hat JBoss Enterprise Application Platform 7. 4. 18 includes multiple security fixes addressing vulnerabilities such as remote memory denial of service (DoS), timing attacks, infinite loops, and resource allocation issues. These vulnerabilities affect components like undertow, BouncyCastle cryptographic libraries, netty-codec-http, and HTTP/2 handling. The update replaces version 7. 4. 17 and provides important security improvements. Users are advised to apply this update after ensuring all prior errata are installed and backing up their systems.

Red Hat Integration - Service Registry 2. 5. 11 GA includes multiple security fixes addressing denial of service, memory leaks, and resource allocation issues in components such as commons-compress, vert. x, and netty-codec-http. These vulnerabilities could lead to denial of service or resource exhaustion under certain conditions. The update is rated as having a moderate security impact by Red Hat Product Security. No known exploits are reported in the wild. The advisory recommends applying the update after ensuring all previous errata are applied.

Red Hat Data Grid 8. 5. 0 addresses two security vulnerabilities: CVE-2024-29180, involving a lack of URL validation in webpack-dev-middleware that may lead to file leaks, and CVE-2024-29025, concerning resource allocation without limits or throttling in netty-codec-http. These issues affect Red Hat Data Grid versions prior to 8. 5. 0. The update replaces version 8. 4. 8 and includes these security fixes along with other bug fixes and enhancements. Red Hat has rated the update as important and recommends applying it after ensuring all previous errata are applied.