You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Jayaprakash (Jira)" <ji...@apache.org> on 2020/03/20 05:41:00 UTC

[jira] [Created] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability

Jayaprakash created TOMEE-2788:
----------------------------------

             Summary: TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability
                 Key: TOMEE-2788
                 URL: https://issues.apache.org/jira/browse/TOMEE-2788
             Project: TomEE
          Issue Type: Bug
    Affects Versions: 8.0.1, 7.1.2, 7.0.7
            Reporter: Jayaprakash


TomEE plus version is using BouncyCastle(BC) 1.63 version which is affected by vulnerability CVE-2019-17359 (BDSA-2019-3168) with CVSS score of 7.5 which causes DenialOfService issue thereby causing OutOfMemory error. 

Please upgrade to BC 1.64 which has an official fix to address this issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)