RHEL 5 / 6 : JBoss Web Server (RHSA-2012:1166)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated mod_cluster packages that fix one security issue are now
available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise
Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

mod_cluster is an Apache HTTP Server (httpd) based load balancer that
forwards requests from httpd to application server nodes. It can use
the AJP, HTTP, or HTTPS protocols for communication with application
server nodes.

The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2
introduced a regression, causing mod_cluster to register and expose
the root context of a server by default, even when 'ROOT' was in the
'excludedContexts' list in the mod_cluster configuration. If an
application was deployed on the root context, a remote attacker could
use this flaw to bypass intended access restrictions and gain access
to that application. (CVE-2012-1154)

Warning: Before applying the update, back up your existing JBoss
Enterprise Web Server installation (including all applications and
configuration files).

Users of JBoss Enterprise Web Server 1.0.2 on Red Hat Enterprise Linux
5 and 6 should upgrade to these updated packages, which resolve this
issue. Apache Tomcat must be restarted for this update to take effect.

See also :

https://rhn.redhat.com/errata/RHSA-2012-0035.html
https://access.redhat.com/errata/RHSA-2012:1166.html
https://www.redhat.com/security/data/cve/CVE-2012-1154.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 78929

Bugtraq ID: 54086

CVE ID: CVE-2012-1154