Resolution for OpenSSL CCS Injection Vulnerability (CVE-2014-0224) in Red Hat JBoss Middleware Products

Solution Unverified - Updated -

Issue

  • How do I avoid impact to a Red Hat JBoss application from CVE-2014-0224?
  • How do I know if my Red Hat JBoss application is vulnerable to CVE-2014-0224?
  • How does CVE-2014-0224 affect Red Hat JBoss EAP 5?
  • There are security advisories for CVE-2014-0224 which can be downloaded for EAP 5.2 and 6.2, but not for other versions. So does this vulnerability affect EAP 5.1.2 or EAP 6.1?
  • For JBoss EAP 5.2.0, I can't find security advisories for CVE-2014-0224 for the Linux platform.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x
    • 5.x
  • Red Hat JBoss Enterprise Web Platform (EWP)
    • 5.x
  • Red Hat JBoss Enterprise Web Server (EWS)
    • 2.0.x
  • Using APR connector provided as Native component
  • OpenSSL library provided as Native component for Windows/Solaris
