Search

Chapter 6. Fixed Common Vulnerabilities and Exposures

download PDF

This section details Common Vulnerabilities and Exposures (CVEs) fixed in the AMQ Broker 7.9 release.

  • ENTMQBR-4071 - CVE-2020-13956 httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs
  • ENTMQBR-4677 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
  • ENTMQBR-4775 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
  • ENTMQBR-4779 - CVE-2021-3425 broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file
  • ENTMQBR-4795 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
  • ENTMQBR-4829 - CVE-2021-21409 netty: Request smuggling via content-length header
  • ENTMQBR-4907 - CVE-2021-28163 jetty-server: jetty: Symlink directory exposes webapp directory contents
  • ENTMQBR-4911 - CVE-2021-28165 jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame
  • ENTMQBR-4912 - CVE-2021-28164 jetty-server: jetty: Ambiguous paths can access WEB-INF
  • ENTMQBR-4960 - CVE-2021-29425 commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
  • ENTMQBR-5118 - CVE-2021-28169 jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
  • ENTMQBR-5165 - CVE-2021-34428 jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout
  • ENTMQBR-5229 - CVE-2021-20289 resteasy-jaxrs: resteasy: Error message exposes endpoint class information
  • ENTMQBR-5250 - CVE-2021-34429 jetty-server: jetty: crafted URIs allow bypassing security constraints
  • ENTMQBR-5398 - CVE-2021-3763 AMQ Broker 7: Incorrect privilege in Management Console
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.