RHEL 4 / 5 / 6 : mod_cluster (RHSA-2012:1052)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated mod_cluster packages that fix one security issue are now
available for JBoss Enterprise Application Platform 5.1.2 for Red Hat
Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

mod_cluster is an Apache HTTP Server (httpd) based load balancer that
forwards requests from httpd to application server nodes. It can use
the AJP, HTTP, or HTTPS protocols for communication with application
server nodes.

The JBoss Enterprise Application Platform 5.1.2 release
(RHSA-2011:1800, RHSA-2011:1799, RHSA-2011:1798) introduced a
regression, causing mod_cluster to register and expose the root
context of a server by default, even when 'ROOT' was in the
'excludedContexts' list in the mod_cluster configuration. If an
application was deployed on the root context, a remote attacker could
use this flaw to bypass intended access restrictions and gain access
to that application. (CVE-2012-1154)
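The exposure condition described above has three parts: 'ROOT' is listed in 'excludedContexts', an application is actually deployed on the root context (a ROOT.war in the profile's deploy directory), and the host runs the affected mod_cluster build, which ignores the exclusion. The following script is an added example, not code from Red Hat, Tenable or the mod_cluster project; it checks the first two parts from the server side so an administrator can tell which hosts need the balancer-side check. The bean and property names in the constructed XML are assumed to follow the shape of mod_cluster-jboss-beans.xml, the deploy listing is constructed, and host qualifiers in 'excludedContexts' entries ('host:context') are dropped because the deploy-directory check is host-agnostic.

```python
"""Audit helpers for the CVE-2012-1154 exposure condition (JBoss EAP 5 mod_cluster).

Constructed example, not from Red Hat or the mod_cluster project.  It reads the
excludedContexts property from a mod_cluster-jboss-beans.xml style file and
compares it with the .war deployments of a server/<profile>/deploy/ listing.
"""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of deploy/mod_cluster.sar/META-INF/mod_cluster-jboss-beans.xml.
# Bean and property names are assumed; the excludedContexts value is the one the advisory discusses.
SAMPLE_BEANS_XML = """<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <bean name="HAModClusterConfig" class="org.jboss.modcluster.config.ha.HAModClusterConfig">
    <property name="advertise">true</property>
    <property name="excludedContexts">ROOT,invoker,jbossws,juddi,console,web-console,jmx-console</property>
    <property name="autoEnableContexts">true</property>
  </bean>
</deployment>
"""


def _local_name(tag):
    """Strip a namespace prefix such as {urn:jboss:bean-deployer:2.0}property."""
    return tag.rsplit("}", 1)[-1]


def normalize_context(entry):
    """Map one excludedContexts entry to a context path.

    mod_cluster spells the root context 'ROOT'.  Entries may be 'host:context';
    the host qualifier is dropped here (assumption: host-agnostic check).
    """
    entry = entry.strip()
    if ":" in entry:
        entry = entry.split(":", 1)[1].strip()
    if entry in ("ROOT", "", "/"):
        return "/"
    return "/" + entry.strip("/")


def excluded_contexts(xml_text):
    """Return the set of context paths listed in excludedContexts (empty if absent)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local_name(el.tag) == "property" and el.get("name") == "excludedContexts":
            return {normalize_context(e) for e in (el.text or "").split(",") if e.strip()}
    return set()


def context_path_for_war(name):
    """ROOT.war deploys on '/', any other <name>.war on '/<name>'."""
    base = name[:-4] if name.lower().endswith(".war") else name
    return "/" if base == "ROOT" else "/" + base


def deployed_contexts(deploy_entries):
    """Context paths for the .war entries (files or exploded dirs) of a deploy/ listing."""
    return {context_path_for_war(n) for n in deploy_entries if n.lower().endswith(".war")}


def expected_registered(excluded, deployed):
    """Contexts mod_cluster should register with httpd when excludedContexts is honoured."""
    return deployed - excluded


def root_context_at_risk(excluded, deployed):
    """True when '/' is both deployed and excluded: the case the regression breaks,
    so an affected build would register '/' with httpd anyway."""
    return "/" in deployed and "/" in excluded


def audit(beans_xml_text, deploy_entries):
    """Summarize the configuration-side findings for one server profile."""
    excluded = excluded_contexts(beans_xml_text)
    deployed = deployed_contexts(deploy_entries)
    return {
        "excluded": excluded,
        "deployed": deployed,
        "expected_registered": expected_registered(excluded, deployed),
        "root_context_at_risk": root_context_at_risk(excluded, deployed),
    }


if __name__ == "__main__":
    # Constructed deploy/ listing: a ROOT.war next to an application and the admin consoles.
    listing = ["ROOT.war", "shop.war", "jmx-console.war", "jboss-web.deployer", "mod_cluster.sar"]
    for key, value in audit(SAMPLE_BEANS_XML, listing).items():
        print(f"{key}: {value}")
```

A True 'root_context_at_risk' only says the host is in the configuration state the advisory describes; whether the balancer actually honours the exclusion depends on the installed mod_cluster build, so confirm it from the httpd side (request the root application's path through the balancer, which should not be served) before and after applying the update and restarting the JBoss server process.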

Warning: Before applying this update, back up your JBoss Enterprise
Application Platform's 'server/[PROFILE]/deploy/' directory, along
with all other customized configuration files.

Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat
Enterprise Linux 4, 5, and 6 should upgrade to these updated packages,
which correct this issue. The JBoss server process must be restarted
for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-1154.html
https://rhn.redhat.com/errata/RHSA-2011-1800.html
https://rhn.redhat.com/errata/RHSA-2011-1799.html
https://rhn.redhat.com/errata/RHSA-2011-1798.html
http://rhn.redhat.com/errata/RHSA-2012-1052.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 64045

Bugtraq ID: 54086

CVE ID: CVE-2012-1154