This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
The version of JBoss Enterprise Application Platform installed on the
remote system is affected by the following issues :
- Flaws in the mod_info, mod_status, mod_imagemap,
mod_ldap, and mod_proxy_ftp modules can allow an
attacker to perform cross-site scripting (XSS) attacks.
- Flaws in the web interface of the mod_proxy_balancer
module can allow a remote attacker to perform XSS
- A flaw in mod_rewrite can allow remote attackers to
execute arbitrary commands via an HTTP request
containing an escape sequence for a terminal emulator.
- A flaw in the method by which the mod_dav module
handles merge requests can allow an attacker to create
a denial of service by sending a crafted merge request
that contains URIs that are not configured for DAV.
- A flaw in PicketBox can allow local users to obtain the
admin encryption key by reading the Vault data file.
- A flaw in Apache Santuario XML Security can allow
context-dependent attackers to spoof an XML Signature
by using the CanonicalizationMethod parameter to
specify an arbitrary weak algorithm. (CVE-2013-2172)
- A flaw in JGroups' DiagnosticsHandler can allow remote
attackers to obtain sensitive information and execute
arbitrary code by re-using valid credentials.
Upgrade the installed JBoss Enterprise Application Platform 6.1.0 to
6.1.1 or later.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : false
Family: Red Hat Local Security Checks
Nessus Plugin ID: 72238
Bugtraq ID: 58165, 59826, 60846, 61129, 61179, 62256
CVE ID: CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112