RHEL 6 : JBoss EAP (RHSA-2014:1818)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated packages that provide Red Hat JBoss Enterprise Application
Platform 6.3.2 and fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a
specially crafted declaration using a long pseudo-attribute name that,
when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU. (CVE-2013-4002)

This release of JBoss Enterprise Application Platform also includes
bug fixes and enhancements. A list of these changes is available from
the JBoss Enterprise Application Platform 6.3.2 Downloads page on the
Customer Portal.

All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red
Hat Enterprise Linux 6 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4002.html
http://rhn.redhat.com/errata/RHSA-2014-1818.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 79115 ()

Bugtraq ID:

CVE ID: CVE-2013-4002

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now