This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated packages that provide Red Hat JBoss Enterprise Application
Platform 6.3.2 and fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a
specially crafted declaration using a long pseudo-attribute name that,
when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU. (CVE-2013-4002)
This release of JBoss Enterprise Application Platform also includes
bug fixes and enhancements. A list of these changes is available from
the JBoss Enterprise Application Platform 6.3.2 Downloads page on the
All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red
Hat Enterprise Linux 7 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.3
Public Exploit Available : false