The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1670 advisory.

    Red Hat JBoss Enterprise Application Platform 6 is a platform for Java     applications based on JBoss Application Server 7.

    This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes     bug fixes and enhancements. Documentation for these changes is available from the Red Hat JBoss Enterprise     Application Platform 6.4.3 Release Notes, linked to in the References.

    The following security issue is also fixed with this release:

    It was discovered that under specific conditions that PicketLink     IDP ignores role based authorization.  This could lead to an     authenticated user being able to access application resources     that are not permitted for a given role. (CVE-2015-3158)

    All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised     to upgrade to this updated package, which fixes these bugs and adds these enhancements. The JBoss server     process must be restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2015:1670)

medium Nessus Plugin ID 85644

Version 2.10