JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

The version of JBoss Enterprise Application Platform installed on the
remote system is affected by the following issues :

- Flaws in the mod_info, mod_status, mod_imagemap,
mod_ldap, and mod_proxy_ftp modules can allow an
attacker to perform cross-site scripting (XSS) attacks.
(CVE-2012-3499)

- Flaws in the web interface of the mod_proxy_balancer
module can allow a remote attacker to perform XSS
attacks. (CVE-2012-4558)

- A flaw in mod_rewrite can allow remote attackers to
execute arbitrary commands via an HTTP request
containing an escape sequence for a terminal emulator.
(CVE-2013-1862)

- A flaw in the method by which the mod_dav module
handles merge requests can allow an attacker to create
a denial of service by sending a crafted merge request
that contains URIs that are not configured for DAV.
(CVE-2013-1896)

- A flaw in PicketBox can allow local users to obtain the
admin encryption key by reading the Vault data file.
(CVE-2013-1921)

- A flaw in Apache Santuario XML Security can allow
context-dependent attackers to spoof an XML Signature
by using the CanonicalizationMethod parameter to
specify an arbitrary weak algorithm. (CVE-2013-2172)

- A flaw in JGroups' DiagnosticsHandler can allow remote
attackers to obtain sensitive information and execute
arbitrary code by re-using valid credentials.
(CVE-2013-4112)

See also :

https://www.redhat.com/security/data/cve/CVE-2012-3499.html
https://www.redhat.com/security/data/cve/CVE-2012-4558.html
https://www.redhat.com/security/data/cve/CVE-2013-1862.html
https://www.redhat.com/security/data/cve/CVE-2013-1896.html
https://www.redhat.com/security/data/cve/CVE-2013-1921.html
https://www.redhat.com/security/data/cve/CVE-2013-2172.html
https://www.redhat.com/security/data/cve/CVE-2013-4112.html

Solution :

Upgrade the installed JBoss Enterprise Application Platform 6.1.0 to
6.1.1 or later.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 72238

Bugtraq ID: 58165, 59826, 60846, 61129, 61179, 62256

CVE ID: CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112