Resolution for OpenSSL CCS Injection Vulnerability (CVE-2014-0224) in Red Hat JBoss Middleware Products

Solution Unverified - Updated -

Issue

  • How do I avoid impact to a Red Hat JBoss application from CVE-2014-0224?
  • How do I know if my Red Hat JBoss application is vulnerable to CVE-2014-0224?
  • How does CVE-2014-0224 affect Red Hat JBoss EAP 5?
  • There are security advisories for CVE-2014-0224 which can be downloaded for EAP 5.2 and 6.2, but not for other versions. So does this vulnerability affect EAP 5.1.2 or EAP 6.1?
  • For JBoss EAP 5.2.0, I can't find security advisories for CVE-2014-0224 for the Linux platform.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x
    • 5.x
  • Red Hat JBoss Enterprise Web Platform (EWP)
    • 5.x
  • Red Hat JBoss Enterprise Web Server (EWS)
    • 2.0.x
  • Using APR connector provided as Native component
  • OpenSSL library provided as Native component for Windows/Solaris
