It was found that there was insufficient use of random values in RESTEasy async jobs. An attacker could use this flaw to steal user data.
Acknowledgments: Name: Mikhail Egorov (Odin)
Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1372118]
Mitigation: Don't enable Async Jobs Service as detailed in the section, "2.10. RESTEASY ASYNCHRONOUS JOB SERVICE" of JBoss EAP 7 Developing Web Services Applications documentation: https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/7.0/paged/developing-web-services-applications/chapter-2-developing-jax-rs-web-services
Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1471273]
Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1480769]
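One way to audit deployments against the mitigation above is to check each application's web.xml for the RESTEasy switch `resteasy.async.job.service.enabled`. This is an added example, not code from the bug report or from RESTEasy; it assumes the switch is set as a `context-param` (or `init-param`) and that a missing parameter means the service is not enabled. Both sample descriptors are constructed.

```python
import xml.etree.ElementTree as ET

ASYNC_PARAM = "resteasy.async.job.service.enabled"

# Constructed sample descriptors (not taken from any real deployment).
SAMPLE_ENABLED = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <context-param>
    <param-name>resteasy.async.job.service.enabled</param-name>
    <param-value> TRUE </param-value>
  </context-param>
</web-app>"""

SAMPLE_SAFE = """<web-app>
  <context-param>
    <param-name>resteasy.scan</param-name>
    <param-value>true</param-value>
  </context-param>
</web-app>"""


def _local(tag):
    """Strip an XML namespace so namespaced and plain web.xml files both match."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Return the trimmed text of the first child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def async_jobs_enabled(web_xml_text):
    """Return True if a context-param or init-param turns the service on."""
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        if _local(elem.tag) not in ("context-param", "init-param"):
            continue
        if _child_text(elem, "param-name") == ASYNC_PARAM:
            # Conservative for an audit: ignore case and surrounding whitespace.
            if (_child_text(elem, "param-value") or "").lower() == "true":
                return True
    return False


if __name__ == "__main__":
    for label, doc in (("enabled", SAMPLE_ENABLED), ("safe", SAMPLE_SAFE)):
        print(label, "->", "FLAG" if async_jobs_enabled(doc) else "ok")
```
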