Bug 2184751 (CVE-2023-4503) - CVE-2023-4503 eap-galleon: custom provisioning creates unsecured http-invoker
Summary: CVE-2023-4503 eap-galleon: custom provisioning creates unsecured http-invoker
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-4503
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2144587
TreeView+ depends on / blocked
 
Reported: 2023-04-05 15:33 UTC by Chess Hazlett
Modified: 2024-07-01 16:56 UTC (History)
25 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-07-01 16:56:28 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:7637 0 None None None 2023-12-04 17:57:18 UTC
Red Hat Product Errata RHSA-2023:7638 0 None None None 2023-12-04 17:59:11 UTC
Red Hat Product Errata RHSA-2023:7639 0 None None None 2023-12-04 17:56:41 UTC
Red Hat Product Errata RHSA-2023:7641 0 None None None 2023-12-04 18:02:20 UTC
Red Hat Product Errata RHSA-2024:3580 0 None None None 2024-06-04 11:03:42 UTC
Red Hat Product Errata RHSA-2024:3581 0 None None None 2024-06-04 11:00:30 UTC
Red Hat Product Errata RHSA-2024:3583 0 None None None 2024-06-04 10:59:03 UTC

Description Chess Hazlett 2023-04-05 15:33:27 UTC 
When using Galleon to provision custom EAP or EAP-XP servers, the servers were created unsecured. An attacker could then use this issue to access remote HTTP services available from the server.
Comment 7 errata-xmlrpc 2023-12-04 17:56:39 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2023:7639 https://access.redhat.com/errata/RHSA-2023:7639
Comment 8 errata-xmlrpc 2023-12-04 17:57:16 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2023:7637 https://access.redhat.com/errata/RHSA-2023:7637
Comment 9 errata-xmlrpc 2023-12-04 17:59:09 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2023:7638 https://access.redhat.com/errata/RHSA-2023:7638
Comment 10 errata-xmlrpc 2023-12-04 18:02:19 UTC 
This issue has been addressed in the following products:

  EAP 7.4.14

Via RHSA-2023:7641 https://access.redhat.com/errata/RHSA-2023:7641
Comment 11 errata-xmlrpc 2024-06-04 10:59:01 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2024:3583 https://access.redhat.com/errata/RHSA-2024:3583
Comment 12 errata-xmlrpc 2024-06-04 11:00:28 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2024:3581 https://access.redhat.com/errata/RHSA-2024:3581
Comment 13 errata-xmlrpc 2024-06-04 11:03:40 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2024:3580 https://access.redhat.com/errata/RHSA-2024:3580
Note You need to log in before you can comment on or make changes to this bug.