JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)

medium Nessus Plugin ID 72238

Synopsis

The remote Red Hat host is missing a security update.

Description

The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues :

- Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks.
(CVE-2012-3499)

- Flaws in the web interface of the mod_proxy_balancer module can allow a remote attacker to perform XSS attacks. (CVE-2012-4558)

- A flaw in mod_rewrite can allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
(CVE-2013-1862)

- A flaw in the method by which the mod_dav module handles merge requests can allow an attacker to create a denial of service by sending a crafted merge request that contains URIs that are not configured for DAV.
(CVE-2013-1896)

- A flaw in PicketBox can allow local users to obtain the admin encryption key by reading the Vault data file.
(CVE-2013-1921)

- A flaw in Apache Santuario XML Security can allow context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak algorithm. (CVE-2013-2172)

- A flaw in JGroup's DiagnosticsHandler can allow remote attackers to obtain sensitive information and execute arbitrary code by re-using valid credentials.
(CVE-2013-4112)

Solution

Upgrade the installed JBoss Enterprise Application Platform 6.1.0 to 6.1.1 or later.

See Also

https://www.redhat.com/security/data/cve/CVE-2012-3499.html

https://www.redhat.com/security/data/cve/CVE-2012-4558.html

https://www.redhat.com/security/data/cve/CVE-2013-1862.html

https://www.redhat.com/security/data/cve/CVE-2013-1896.html

https://www.redhat.com/security/data/cve/CVE-2013-1921.html

https://www.redhat.com/security/data/cve/CVE-2013-2172.html

https://www.redhat.com/security/data/cve/CVE-2013-4112.html

Plugin Details

Severity: Medium

ID: 72238

File Name: redhat-RHSA-2013-1209.nasl

Version: 1.9

Type: local

Agent: unix

Published: 1/31/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0

Required KB Items: Host/local_checks_enabled, Host/RedHat/release

Exploit Ease: No known exploits are available

Patch Publication Date: 9/4/2013

Vulnerability Publication Date: 2/18/2012

Reference Information

CVE: CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112

BID: 58165, 59826, 60846, 61129, 61179, 62256

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

RHSA: 2013:1209