JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

The version of JBoss Enterprise Application Platform 6.0.1 running on
the remote system is vulnerable to the following issues:

- A man-in-the-middle attack is possible when applications
running on JBoss Web use the COOKIE session tracking
method. The flaw is in the
org.apache.catalina.connector.Response.encodeURL()
method. By exploiting this, an attacker could obtain
a user's jsessionid and hijack their session.
(CVE-2012-4529)

- If multiple applications used the same custom
authorization module class name, a local attacker could
deploy a malicious application authorization module that
would permit or deny user access. (CVE-2012-4572)

- XML encryption backwards compatibility attacks could
allow an attacker to force a server to use insecure
legacy cryptosystems. (CVE-2012-5575)

- A NULL pointer dereference flaw could allow a malicious
OCSP response to crash applications performing OCSP
verification. (CVE-2013-0166)

- OpenSSL leaks timing information in a way that could
allow a remote attacker to retrieve plaintext from the
encrypted packets. (CVE-2013-0169)

- The JBoss Enterprise Application Platform administrator
password and the sucker password are stored in a world-
readable, auto-install XML file created by the GUI
installer. (CVE-2013-0218)

- Tomcat incorrectly handles certain authentication
requests. A remote attacker could use this flaw to
inject a request that would get executed with a victim's
credentials. (CVE-2013-2067)

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4529.html
https://www.redhat.com/security/data/cve/CVE-2012-4572.html
https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://www.redhat.com/security/data/cve/CVE-2013-0166.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-0218.html
https://www.redhat.com/security/data/cve/CVE-2013-2067.html
http://www.nessus.org/u?c7770d98

Solution :

Upgrade the installed JBoss Enterprise Application Platform 6.0.1 to
6.1.0 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 66971

Bugtraq ID: 57652, 57778, 59799, 60040, 60043, 60045, 60268

CVE ID: CVE-2012-4529, CVE-2012-4572, CVE-2012-5575, CVE-2013-0166, CVE-2013-0169, CVE-2013-0218, CVE-2013-2067