Uploaded image for project: 'TomEE'
  1. TomEE
  2. TOMEE-2788

TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 7.0.7, 7.1.2, 8.0.1
    • 7.0.8, 8.0.2, 7.1.3
    • None
    • None

    Description

      TomEE plus version is using BouncyCastle(BC) 1.63 version which is affected by vulnerability CVE-2019-17359 (BDSA-2019-3168) with CVSS score of 7.5 which causes DenialOfService issue thereby causing OutOfMemory error. 

       
      Please confirm if this vulnerability impacts version 7.0.7, 7.1.2 and 8.0.1. ?

      Please upgrade to BC 1.64 which has an official fix to address this issue.

      Attachments

        Activity

          People

            jgallimore Jonathan Gallimore
            Jayaprakash Jayaprakash
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: