JBoss Portal 6.1.0 Update (RHSA-2013:1437)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

The version of JBoss Enterprise Portal Platform on the remote system is
affected by the following issues:

- A flaw in the CSRF prevention filter in JBoss Web could
allow remote attackers to bypass the cross-site request
forgery (CSRF) protection mechanism via a request that
lacks a session identifier. (CVE-2012-4431)

- A flaw that occurs when the COOKIE session tracking
method is used can allow attackers to hijack users'
sessions. (CVE-2012-4529)

- A flaw that occurs when multiple applications use the
same custom authorization module class name can allow a
local attacker to deploy a malicious application that
overrides the custom authorization modules provided by
other applications. (CVE-2012-4572)

- The framework does not verify that a specified
cryptographic algorithm is allowed by the
WS-SecurityPolicy AlgorithmSuite definition before
decrypting. This can allow remote attackers to force
the system to use weaker cryptographic algorithms than
intended and makes it easier to decrypt communications.
(CVE-2012-5575)

- A flaw in PicketBox can allow local users to obtain the
admin encryption key by reading the Vault data file.
(CVE-2013-1921)

- A session fixation flaw was found in the
FormAuthenticator module. (CVE-2013-2067)

- A flaw that occurs when a JGroups channel is started
results in the JGroups diagnostics service being enabled
by default, reachable via IP multicast with no
authentication. A remote attacker can make use of this
flaw to read diagnostics information. (CVE-2013-2102)

- A flaw in the StAX parser implementation can allow
remote attackers to cause a denial of service via
crafted XML. (CVE-2013-2160)

- A flaw in Apache Santuario XML Security can allow
context-dependent attackers to spoof an XML Signature
by using the CanonicalizationMethod parameter to
specify an arbitrary weak algorithm. (CVE-2013-2172)

- A flaw in the JGroups DiagnosticsHandler can allow
remote attackers to obtain sensitive information and
execute arbitrary code by re-using valid credentials.
(CVE-2013-4112)

- A flaw in the manner in which authenticated connections
were cached on the server by remote-naming can allow
remote attackers to hijack sessions by using a remoting
client. (CVE-2013-4128)

- A flaw in the manner in which connections for EJB
invocations were cached on the server can allow remote
attackers to hijack sessions by using an EJB client.
(CVE-2013-4213)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=868202
https://bugzilla.redhat.com/show_bug.cgi?id=872059
https://bugzilla.redhat.com/show_bug.cgi?id=880443
https://bugzilla.redhat.com/show_bug.cgi?id=883636
https://bugzilla.redhat.com/show_bug.cgi?id=929197
https://bugzilla.redhat.com/show_bug.cgi?id=948106
https://bugzilla.redhat.com/show_bug.cgi?id=961779
https://bugzilla.redhat.com/show_bug.cgi?id=963984
https://bugzilla.redhat.com/show_bug.cgi?id=983489
https://bugzilla.redhat.com/show_bug.cgi?id=984795
https://bugzilla.redhat.com/show_bug.cgi?id=985359
https://bugzilla.redhat.com/show_bug.cgi?id=999263
https://www.redhat.com/security/data/cve/CVE-2012-4431.html
https://www.redhat.com/security/data/cve/CVE-2012-4529.html
https://www.redhat.com/security/data/cve/CVE-2012-4572.html
https://www.redhat.com/security/data/cve/CVE-2012-5575.html
https://www.redhat.com/security/data/cve/CVE-2013-1921.html
https://www.redhat.com/security/data/cve/CVE-2013-2067.html
https://www.redhat.com/security/data/cve/CVE-2013-2102.html
https://www.redhat.com/security/data/cve/CVE-2013-2160.html
https://www.redhat.com/security/data/cve/CVE-2013-2172.html
https://www.redhat.com/security/data/cve/CVE-2013-4112.html
https://www.redhat.com/security/data/cve/CVE-2013-4128.html
https://www.redhat.com/security/data/cve/CVE-2013-4213.html

Solution :

Upgrade the installed JBoss Portal 6.0.0 to 6.1.0 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false