RHEL 7 : JBoss EAP (RHSA-2014:1287)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated packages that provide Red Hat JBoss Enterprise Application
Platform 6.3.1 and fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in
the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

It was discovered that the implementation of
org.hibernate.validator.util.ReflectionHelper together with the
permissions required to run Hibernate Validator under the Java
Security Manager could allow a malicious application deployed in the
same application container to execute several actions with escalated
privileges, which might otherwise not be possible. This flaw could be
used to perform various attacks, including but not restricted to,
arbitrary code execution in systems that are otherwise secured by the
Java Security Manager. (CVE-2014-3558)

This release of JBoss Enterprise Application Platform also includes
bug fixes and enhancements. A list of these changes is available from
the JBoss Enterprise Application Platform 6.3.1 Downloads page on the
Customer Portal.

All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red
Hat Enterprise Linux 7 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect.

See also :


Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 79050 ()

Bugtraq ID: 70101

CVE ID: CVE-2014-3558

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now