This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
The version of JBoss Enterprise Application Platform installed on the
remote system is affected by the following issues :
- Flaws in the mod_info, mod_status, mod_imagemap,
mod_ldap, and mod_proxy_ftp modules can allow an
attacker to perform cross-site scripting (XSS) attacks.
- Flaws in the web interface of the mod_proxy_balancer
module can allow a remote attacker to perform XSS
- A flaw in mod_rewrite can allow remote attackers to
execute arbitrary commands via an HTTP request
containing an escape sequence for a terminal emulator.
- A flaw in the method by which the mod_dav module
handles merge requests can allow an attacker to create
a denial of service by sending a crafted merge request
that contains URIs that are not configured for DAV.
- A flaw in PicketBox can allow local users to obtain the
admin encryption key by reading the Vault data file.
- A flaw in Apache Santuario XML Security can allow
context-dependent attackers to spoof an XML Signature
by using the CanonicalizationMethod parameter to
specify an arbitrary weak algorithm. (CVE-2013-2172)
- A flaw in JGroup's DiagnosticsHandler can allow remote
attackers to obtain sensitive information and execute
arbitrary code by re-using valid credentials.
See also :
Upgrade the installed JBoss Enterprise Application Platform 6.1.0 to
6.1.1 or later.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : false