You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Jayaprakash (Jira)" <ji...@apache.org> on 2020/03/20 07:52:00 UTC
[jira] [Updated] (TOMEE-2788) TomEE plus is affected by
CVE-2019-17359 (BDSA-2019-3168) vulnerability
[ https://issues.apache.org/jira/browse/TOMEE-2788?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jayaprakash updated TOMEE-2788:
-------------------------------
Description:
TomEE plus version is using BouncyCastle(BC) 1.63 version which is affected by vulnerability CVE-2019-17359 (BDSA-2019-3168) with CVSS score of 7.5 which causes DenialOfService issue thereby causing OutOfMemory error.
*Please confirm if this vulnerability impacts version 7.0.7, 7.1.2 and 8.0.1. ?*
Please upgrade to BC 1.64 which has an official fix to address this issue.
was:
TomEE plus version is using BouncyCastle(BC) 1.63 version which is affected by vulnerability CVE-2019-17359 (BDSA-2019-3168) with CVSS score of 7.5 which causes DenialOfService issue thereby causing OutOfMemory error.
Please upgrade to BC 1.64 which has an official fix to address this issue.
> TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability
> -----------------------------------------------------------------------
>
> Key: TOMEE-2788
> URL: https://issues.apache.org/jira/browse/TOMEE-2788
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 7.0.7, 7.1.2, 8.0.1
> Reporter: Jayaprakash
> Priority: Major
>
> TomEE plus version is using BouncyCastle(BC) 1.63 version which is affected by vulnerability CVE-2019-17359 (BDSA-2019-3168) with CVSS score of 7.5 which causes DenialOfService issue thereby causing OutOfMemory error.
>
> *Please confirm if this vulnerability impacts version 7.0.7, 7.1.2 and 8.0.1. ?*
> Please upgrade to BC 1.64 which has an official fix to address this issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)