CVE-2020-0159
NixOS vulnerability analysis and mitigation

Overview

Red Hat JBoss Enterprise Application Platform 7.2.6 security update (RHSA-2020:0159) was released on January 20, 2020, addressing multiple security vulnerabilities in the platform. This update was rated as having an Important security impact by Red Hat Product Security (Red Hat Advisory).

Technical details

The security update addresses multiple vulnerabilities including issues in Undertow HTTP server, JBoss CLI, Netty, Jackson-databind, and Hibernate-validator components. Notable fixes include a potential Denial of Service vulnerability in Undertow HTTP server (CVE-2019-14888), HTTP request smuggling in Netty (CVE-2019-16869), and multiple serialization gadget vulnerabilities in Jackson-databind affecting various packages (Red Hat Advisory).

Impact

The vulnerabilities could lead to a range of security impacts, including Denial of Service (DoS) in the Undertow HTTP server, exposure of vault system property security attributes, HTTP request smuggling, and multiple serialization-related issues that could lead to code execution (Red Hat Advisory).

Mitigation and workarounds

Red Hat recommends that users update to JBoss Enterprise Application Platform 7.2.6, which replaces version 7.2.5. Before applying the update, users should back up their existing Red Hat JBoss Enterprise Application Platform installation and deployed applications (Red Hat Advisory).

Source: This report was generated using AI
