RHEL 5 : JBoss EAP (RHSA-2013:1207)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes
multiple security issues, various bugs, and adds enhancements, is now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.1.0, and includes bug fixes and enhancements.
Refer to the 6.1.1 Release Notes for information on the most
significant of these changes, available shortly from

Security fixes :

Cross-site scripting (XSS) flaws were found in the mod_info,
mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they
were able to make the victim's browser generate an HTTP request with a
specially crafted Host header. (CVE-2012-3499)

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a
user, who was logged into the manager web interface, into visiting a
specially crafted URL, it would lead to arbitrary web script execution
in the context of the user's manager interface session.

A flaw was found in the way the mod_dav module handled merge requests.
An attacker could use this flaw to send a crafted merge request that
contains URIs that are not configured for DAV, causing the httpd child
process to crash. (CVE-2013-1896)

A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof
an XML signature via a specially crafted XML signature block.

It was found that mod_rewrite did not filter terminal escape sequences
from its log file. If mod_rewrite was configured with the RewriteLog
directive, a remote attacker could use specially crafted HTTP requests
to inject terminal escape sequences into the mod_rewrite log file. If
a victim viewed the log file with a terminal emulator, it could result
in arbitrary command execution with the privileges of that user.

The data file used by PicketBox Vault to store encrypted passwords
contains a copy of its own admin key. The file is encrypted using only
this admin key, not the corresponding JKS key. A local attacker with
permission to read the vault data file could read the admin key from
the file, and use it to decrypt the file and read the stored passwords
in clear text. (CVE-2013-1921)

A flaw was found in JGroup's DiagnosticsHandler that allowed an
attacker on an adjacent network to reuse the credentials from a
previous successful authentication. This could be exploited to read
diagnostic information (information disclosure) and attain limited
remote code execution. (CVE-2013-4112)

Warning: Before applying this update, back up your existing Red Hat
JBoss Enterprise Application Platform installation and deployed
applications. Refer to the Solution section for further details.

All users of Red Hat JBoss Enterprise Application Platform 6.1.0 on
Red Hat Enterprise Linux 5 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect.

See also :


Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.2
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 69882 ()

Bugtraq ID: 58165

CVE ID: CVE-2012-3499

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now