This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated jboss-remoting package that fixes one security issue is now
available for JBoss Enterprise Application Platform 4.3 for Red Hat
Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
JBoss Remoting is a framework for building distributed applications in
The JBoss Enterprise Application Platform 4.3.0.CP09 updates
RHSA-2010:0937 and RHSA-2010:0938 did not, contrary to what the errata
texts stated, provide a fix for CVE-2010-3862. A remote attacker could use
specially crafted input to cause the JBoss Remoting listeners to
become unresponsive, resulting in a denial of service condition for
services communicating via JBoss Remoting sockets. (CVE-2010-4265)
Red Hat would like to thank Ole Husgaard of eXerp.com for reporting
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all
applications and configuration files).
Users of JBoss Enterprise Application Platform 4.3 on Red Hat
Enterprise Linux 4 and 5 should upgrade to this updated package, which
contains a backported patch to correct this issue. The JBoss server
process must be restarted for this update to take effect.
See also :
Update the affected jboss-remoting package.
Risk factor :
Low / CVSS Base Score : 2.6
Family: Red Hat Local Security Checks
Nessus Plugin ID: 63965
CVE ID: CVE-2010-3862, CVE-2010-4265