Detections
Analytics

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.1.6 on RHEL 6 (RHSA-2019:0364)

high Nessus Plugin ID 122332

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for Red Hat JBoss Enterprise Application Platform 7.1.6 on RHEL 6.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0364 advisory.

 - wildfly-core: Cross-site scripting (XSS) in JBoss Management Console (CVE-2018-10934)

 - undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer (CVE-2018-14642)

 - dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Red Hat JBoss Enterprise Application Platform 7.1.6 on RHEL 6 package based on the guidance in RHSA-2019:0364.

See Also

http://www.nessus.org/u?2ae1b122

http://www.nessus.org/u?7bee5f5f

http://www.nessus.org/u?92f94c8a

https://access.redhat.com/errata/RHSA-2019:0364

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1615673

https://bugzilla.redhat.com/show_bug.cgi?id=1620529

https://bugzilla.redhat.com/show_bug.cgi?id=1628702

https://issues.redhat.com/browse/JBEAP-15311

https://issues.redhat.com/browse/JBEAP-15370

https://issues.redhat.com/browse/JBEAP-15373

https://issues.redhat.com/browse/JBEAP-15440

https://issues.redhat.com/browse/JBEAP-15443

https://issues.redhat.com/browse/JBEAP-15444

https://issues.redhat.com/browse/JBEAP-15461

https://issues.redhat.com/browse/JBEAP-15482

https://issues.redhat.com/browse/JBEAP-15483

https://issues.redhat.com/browse/JBEAP-15525

https://issues.redhat.com/browse/JBEAP-15528

https://issues.redhat.com/browse/JBEAP-15545

https://issues.redhat.com/browse/JBEAP-15619

https://issues.redhat.com/browse/JBEAP-15627

https://issues.redhat.com/browse/JBEAP-15747

https://issues.redhat.com/browse/JBEAP-15842

https://issues.redhat.com/browse/JBEAP-15852

https://issues.redhat.com/browse/JBEAP-15891

https://issues.redhat.com/browse/JBEAP-16015

https://issues.redhat.com/browse/JBEAP-9658

Plugin Details

Severity: High

ID: 122332

File Name: redhat-RHSA-2019-0364.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2/20/2019

Updated: 6/19/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-14642

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-1000632

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-common, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-el-api_3.0_spec, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-wildfly8, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron, p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind, p-cpe:/a:redhat:enterprise_linux:eap7-jandex, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-jberet, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations, p-cpe:/a:redhat:enterprise_linux:eap7-dom4j, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server, p-cpe:/a:redhat:enterprise_linux:eap7-jbossws-common, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-infinispan, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron-tool, p-cpe:/a:redhat:enterprise_linux:eap7-narayana, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-jberet-core, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbosstxbridge, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-security-negotiation, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-web-console-eap, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-logmanager, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jbossxts, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-modules, p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/18/2019

Vulnerability Publication Date: 8/20/2018

Reference Information

CVE: CVE-2018-1000632, CVE-2018-10934, CVE-2018-14642

CWE: 200, 79, 88

RHSA: 2019:0364