This script is Copyright (C) 2017 Tenable Network Security, Inc.

The remote Red Hat host is missing one or more security updates.

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.0.7
serves as a replacement for Red Hat JBoss Enterprise Application
Platform 7.0.6, and includes bug fixes and enhancements, which are
documented in the Release Notes linked to in the References.

Security Fix(es) :
* A deserialization flaw was discovered in jackson-databind which
could allow an unauthenticated user to perform code execution by
sending maliciously crafted input to the readValue method of the

* It was found that use of a JMS ObjectMessage does not safely handle
user-supplied data when deserializing objects. A remote attacker could
use this flaw to execute arbitrary code with the permissions of the
application using the JMS ObjectMessage. (CVE-2016-4978)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting

See also :

Update the affected packages.

Risk factor :
Medium / CVSS Base Score : 6.0
CVSS Temporal Score : 4.8
Public Exploit Available : false