It was found that the ResponseBodyHandlers class implementation in the Networking/HTTP client component of OpenJDK failed to check for special characters embedded in file name parameters. A malicious user able to make a Java application perform an HTTP request to an attacker provided URL could use this flaw to possibly carry out a path traversal attack.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4165 https://access.redhat.com/errata/RHSA-2023:4165
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4162 https://access.redhat.com/errata/RHSA-2023:4162
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4164 https://access.redhat.com/errata/RHSA-2023:4164
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4157 https://access.redhat.com/errata/RHSA-2023:4157
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4163 https://access.redhat.com/errata/RHSA-2023:4163
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4161 https://access.redhat.com/errata/RHSA-2023:4161
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.20 Via RHSA-2023:4208 https://access.redhat.com/errata/RHSA-2023:4208
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.8 Via RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4158 https://access.redhat.com/errata/RHSA-2023:4158
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4175 https://access.redhat.com/errata/RHSA-2023:4175
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:4233 https://access.redhat.com/errata/RHSA-2023:4233
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-22006
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/bf301e2476ae6333c64c7cda8855a18198807e55 OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/3e56ecce998602618987ffd3b68d8468e8e939c2
Oracle CPU July 2023: https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA Fixed in Oracle Java SE 11.0.20, 17.0.8, 20.0.2. Release notes: https://www.oracle.com/java/technologies/javase/11-0-20-relnotes.html https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html https://www.oracle.com/java/technologies/javase/20-0-2-relnotes.html