Details of VAR-201907-1547

ID

VAR-201907-1547

CVE

CVE-2019-10184

TITLE

undertow Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-007209

DESCRIPTION

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. RedHatUndertow is a Java-based embedded Web server from RedHat, Inc., and is the default web server for Wildfly (Java Application Server). The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.3.4 security update on RHEL 6 Advisory ID: RHSA-2019:3044-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2019:3044 Issue date: 2019-10-14 CVE Names: CVE-2019-10184 CVE-2019-12086 CVE-2019-12814 CVE-2019-14379 CVE-2019-14820 CVE-2019-14832 ===================================================================== 1. Summary: New Red Hat Single Sign-On 7.3.4 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * keycloak: cross-realm user access auth bypass (CVE-2019-14832) * keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message (CVE-2019-12814) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server (CVE-2019-12086) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1649870 - CVE-2019-14820 keycloak: adapter endpoints are exposed via arbitrary URLs 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1749487 - CVE-2019-14832 keycloak: cross-realm user access auth bypass 6. JIRA issues fixed (https://issues.jboss.org/): KEYCLOAK-11454 - Tracker bug for the RH-SSO 7.3.4 release for RHEL7 7. Package List: Red Hat Single Sign-On 7.3 for RHEL 6 Server: Source: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.src.rpm noarch: rh-sso7-keycloak-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm rh-sso7-keycloak-server-4.8.13-1.Final_redhat_00001.1.el6sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-12086 https://access.redhat.com/security/cve/CVE-2019-12814 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2019-14820 https://access.redhat.com/security/cve/CVE-2019-14832 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXaS+r9zjgjWX9erEAQizTBAAmTcTk3Q7rVco9Xx4dWdTBrNeB3cKhnoj Fhkwvdoo4MVgaDWv2P9h9/JFoaCvgw6ZP2ZBbwB0wXq2+F70GFexx/nP44TlL3Kg JBAjCLvYT24Ahtxg9U6bmZwi1++fogj9TfJcC1C7k+TZHvoz3W+BCIO3OFWC2xYb mkT943QgXEALZ+KjAZqG0fE3RvH28zZy1RQO5x0Vb+qr6KTTzEF/VvtQFOiKVtok qyKa+59Ddzr/YLy+QPN4+tOMWNbGJhUnarssUVodgc/1OAEGJLPGB7iez9ekwTNf AzRL9nrMUI+DYs2pz/Cks9aban3uWmjXCn4OxfyBS2vJKiwXIxpHOh8Zfl9NlB7e X2NMGeU34Dem1ofhTErZCDbpkCUHYuiTgaJ53JoWAzVfX3gGb44GFDxN7kQ2DG6q lScmZjNPtI2GJ0h+4L6ViSHOhNOpTSHlfaMsatC4kE50qjNagGC2jcgS9mmYwclX gLuLa+RlbMeZSYSVb4pl2rkKvwdR5tbrLBfznoeT46UPHKT+1Yyd28jlClTNBMoP qroivgayFrYkC/oj0ud0V3POKyxpdZS1rf7GZrwN+etESHn9RZwnzsj413fQtIaw xP5xCmpqGCbBe2JZRLizd+voOn1oZbZSNYpZfGfghQHZ9IuKrECqJ8KQhv5yx2GD cxVVfwDI8os= =akLu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/ 4. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16455 - [GSS](7.2.z) Upgrade Infinispan from 9.3.6 to 9.3.7 JBEAP-16779 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.10 to 5.3.11 JBEAP-17045 - [GSS](7.2.z) Upgrade JSF based on Mojarra 2.3.5.SP3-redhat-00001 to 2.3.5.SP3-redhat-00002 JBEAP-17062 - [GSS](7.2.z) Upgrade Artemis from 2.7.0.redhat-00057 to 2.9.0.redhat-00005 JBEAP-17073 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.20 to 4.0.23 JBEAP-17109 - (7.2.z) Upgrade XNIO from 3.6.6.Final-redhat-00001 to 3.7.3.Final-redhat-00001 JBEAP-17112 - [GSS](7.2.z) Upgrade JBoss Remoting from 5.0.12 to 5.0.14.SP1 JBEAP-17144 - Tracker bug for the EAP 7.2.4 release for RHEL-8 JBEAP-17162 - [GSS](7.2.z) Upgrade jgroups from 4.0.19 to 4.0.20 JBEAP-17178 - (7.2.z) Upgrade IronJacamar from 1.4.16.Final to 1.4.17.Final JBEAP-17182 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17183 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00006 to 2.5.5.SP12-redhat-00007 JBEAP-17223 - [GSS](7.2.z) Upgrade WildFly Core from 6.0.15 to 6.0.16 JBEAP-17238 - [GSS](7.2.z) Upgrade HAL from 3.0.13 to 3.0.16 JBEAP-17250 - [GSS](7.2.z) Upgrade JBoss MSC from 1.4.5 to 1.4.8 JBEAP-17271 - [GSS](7.2.z) Upgrade jboss-logmanager from 2.1.7.Final-redhat-00001 to 2.1.14.Final-redhat-00001 JBEAP-17273 - [GSS](7.2.z) Upgrade jboss-logging from 3.3.2.Final-redhat-00001 to 3.3.3.Final-redhat-00001 JBEAP-17274 - [GSS](7.2.z) Upgrade Wildfly Elytron from 1.6.3.Final-redhat-00001 to 1.6.4.Final-redhat-00001 JBEAP-17276 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.4.Final-redhat-00001 to 1.1.6.Final-redhat-00001 JBEAP-17277 - [GSS](7.2.z) Upgrade Undertow from 2.0.22 to 2.0.25.SP1 JBEAP-17278 - [GSS](7.2.z) Upgrade JBoss Marshalling from 2.0.7 to 2.0.9 JBEAP-17294 - [GSS](7.2.z) Upgrade weld from 3.0.6.Final-redhat-00001 to 3.0.6.Final-redhat-00002 JBEAP-17311 - [GSS](7.2.z) Upgrade jboss-jaxrs-api_2.1_spec from 1.0.1.Final-redhat-00001 to 1.0.3.Final-redhat-00001 JBEAP-17320 - [GSS](7.2.z) Upgrade PicketBox from 5.0.3.Final-redhat-3 to 5.0.3.Final-redhat-00004 JBEAP-17321 - [GSS](7.2.z) Upgrade Narayana from 5.9.3.Final to 5.9.6.Final JBEAP-17334 - (7.2.z) Upgrade Elytron-Tool from 1.4.2 to 1.4.3.Final JBEAP-17527 - [GSS](7.2.z) Upgrade Hibernate ORM from 5.3.11 to 5.3.11.SP1 7

Trust: 2.88

sources: NVD: CVE-2019-10184 // JVNDB: JVNDB-2019-007209 // CNVD: CNVD-2019-24570 // PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154793 // PACKETSTORM: 156941 // PACKETSTORM: 154665

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-24570

AFFECTED PRODUCTS

vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	single sign-on	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	single sign-on	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	single sign-on	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.2	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	jboss enterprise application platform	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	redhat	model:	openshift application runtimes	scope:	eq	version:	1.0	Trust: 1.0
vendor:	redhat	model:	undertow	scope:	lt	version:	2.0.23	Trust: 1.0
vendor:	redhat	model:	openshift application runtimes	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	jboss data grid	scope:	eq	version:	-	Trust: 1.0
vendor:	red hat	model:	jboss enterprise application platform	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	openshift application runtimes	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	single sign-on	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	undertow	scope:	lt	version:	2.0.23	Trust: 0.8
vendor:	red	model:	hat red hat undertow <2.0.23.final	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-24570 // JVNDB: JVNDB-2019-007209 // NVD: CVE-2019-10184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10184
value:	HIGH
Trust: 1.0
secalert@redhat.com:	CVE-2019-10184
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10184
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-24570
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-1345
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-10184
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-24570
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-10184
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
secalert@redhat.com:	CVE-2019-10184
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0
NVD:	CVE-2019-10184
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-24570 // JVNDB: JVNDB-2019-007209 // CNNVD: CNNVD-201907-1345 // NVD: CVE-2019-10184 // NVD: CVE-2019-10184

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2019-007209 // NVD: CVE-2019-10184

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1345

TYPE

code execution

Trust: 0.7

sources: PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154793 // PACKETSTORM: 154665

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007209

PATCH

title:	[UNDERTOW-1578] 401 Unauthorized should be returned when requesting a protected directory without trailing slash #794	url:	https://github.com/undertow-io/undertow/pull/794	Trust: 0.8
title:	Bug 1713068	url:	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184	Trust: 0.8
title:	Patch for RedHatUndertow Information Disclosure Vulnerability (CNVD-2019-24570)	url:	https://www.cnvd.org.cn/patchInfo/show/172059	Trust: 0.6
title:	Red Hat Undertow Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95492	Trust: 0.6

sources: CNVD: CNVD-2019-24570 // JVNDB: JVNDB-2019-007209 // CNNVD: CNNVD-201907-1345

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10184	Trust: 3.8
db:	JVNDB	id:	JVNDB-2019-007209	Trust: 0.8
db:	PACKETSTORM	id:	154793	Trust: 0.7
db:	PACKETSTORM	id:	156941	Trust: 0.7
db:	PACKETSTORM	id:	154665	Trust: 0.7
db:	CNVD	id:	CNVD-2019-24570	Trust: 0.6
db:	PACKETSTORM	id:	156628	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3672	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1076	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3805	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0832	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-1345	Trust: 0.6
db:	PACKETSTORM	id:	154686	Trust: 0.1
db:	PACKETSTORM	id:	154843	Trust: 0.1
db:	PACKETSTORM	id:	154687	Trust: 0.1
db:	PACKETSTORM	id:	154850	Trust: 0.1
db:	PACKETSTORM	id:	154672	Trust: 0.1

sources: CNVD: CNVD-2019-24570 // PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154793 // PACKETSTORM: 156941 // PACKETSTORM: 154665 // JVNDB: JVNDB-2019-007209 // CNNVD: CNNVD-201907-1345 // NVD: CVE-2019-10184

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-10184	Trust: 2.8
url:	https://access.redhat.com/errata/rhsa-2019:2936	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:3044	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:2938	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:3050	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:2935	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:2937	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:3046	Trust: 2.2
url:	https://access.redhat.com/errata/rhsa-2019:3045	Trust: 2.2
url:	https://access.redhat.com/errata/rhsa-2019:2998	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10184	Trust: 1.6
url:	https://access.redhat.com/errata/rhsa-2020:0727	Trust: 1.6
url:	https://github.com/undertow-io/undertow/pull/794	Trust: 1.6
url:	https://security.netapp.com/advisory/ntap-20220210-0016/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14379	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-10184	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-14379	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10184	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12086	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12814	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-12814	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-12086	Trust: 0.7
url:	https://issues.jboss.org/):	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12384	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-12384	Trust: 0.6
url:	https://vigilance.fr/vulnerability/undertow-information-disclosure-via-trailing-slashes-30482	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3805/	Trust: 0.6
url:	https://packetstormsecurity.com/files/154793/red-hat-security-advisory-2019-2998-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0832/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1076/	Trust: 0.6
url:	https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/154665/red-hat-security-advisory-2019-2937-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3672/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10212	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-10212	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-10202	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10202	Trust: 0.4
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.4
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14832	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14820	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14832	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14820	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-3888	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3888	Trust: 0.2
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=7.2	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.3	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3868	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\xcatrhoar.thorntail&version=2.5.0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3868	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/release_notes_for_thorntail_2/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9514	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9517	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10174	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-9251	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9515	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11771	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9514	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12422	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9517	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9515	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5929	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12422	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14439	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11272	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17570	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-9513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17570	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.6.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-5929	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-11771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14439	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-15756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15756	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-16012	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10174	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11272	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9516	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16012	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:0983	Trust: 0.1

CREDITS

Red Hat

Trust: 1.4

sources: PACKETSTORM: 154686 // PACKETSTORM: 154843 // PACKETSTORM: 154687 // PACKETSTORM: 154850 // PACKETSTORM: 154672 // PACKETSTORM: 154793 // PACKETSTORM: 156941 // PACKETSTORM: 154665 // CNNVD: CNNVD-201907-1345

SOURCES

db:	CNVD	id:	CNVD-2019-24570
db:	PACKETSTORM	id:	154686
db:	PACKETSTORM	id:	154843
db:	PACKETSTORM	id:	154687
db:	PACKETSTORM	id:	154850
db:	PACKETSTORM	id:	154672
db:	PACKETSTORM	id:	154793
db:	PACKETSTORM	id:	156941
db:	PACKETSTORM	id:	154665
db:	JVNDB	id:	JVNDB-2019-007209
db:	CNNVD	id:	CNNVD-201907-1345
db:	NVD	id:	CVE-2019-10184

LAST UPDATE DATE

2025-06-27T21:16:21.998000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-24570	date:	2019-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-007209	date:	2019-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201907-1345	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2019-10184	date:	2024-11-21T04:18:36.287

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-24570	date:	2019-07-29T00:00:00
db:	PACKETSTORM	id:	154686	date:	2019-09-30T16:22:22
db:	PACKETSTORM	id:	154843	date:	2019-10-14T20:22:22
db:	PACKETSTORM	id:	154687	date:	2019-09-30T18:22:22
db:	PACKETSTORM	id:	154850	date:	2019-10-15T00:11:31
db:	PACKETSTORM	id:	154672	date:	2019-09-30T18:22:22
db:	PACKETSTORM	id:	154793	date:	2019-10-10T14:44:58
db:	PACKETSTORM	id:	156941	date:	2020-03-27T13:16:40
db:	PACKETSTORM	id:	154665	date:	2019-09-30T19:22:22
db:	JVNDB	id:	JVNDB-2019-007209	date:	2019-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201907-1345	date:	2019-07-25T00:00:00
db:	NVD	id:	CVE-2019-10184	date:	2019-07-25T21:15:11.473