RHEL 6 : JBoss EAP (RHSA-2015:1670)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An updated Red Hat JBoss Enterprise Application Platform 6.4.3 package
that fixes a security issue, several bugs and adds various
enhancements is now available for Red Hat Enterprise Linux 6.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.4.2 and includes bug fixes and enhancements.
Documentation for these changes is available from the Red Hat JBoss
Enterprise Application Platform 6.4.3 Release Notes, linked to in the
References.

The following security issue is also fixed with this release :

It was discovered that, under specific conditions, PicketLink IDP
ignores role-based authorization. This could lead to an authenticated
user being able to access application resources that are not permitted
for a given role. (CVE-2015-3158)

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red
Hat Enterprise Linux 6 are advised to upgrade to this updated package,
which fixes these bugs and adds these enhancements. The JBoss server
process must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-3158.html
https://access.redhat.com/documentation/en-US/
http://rhn.redhat.com/errata/RHSA-2015-1670.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 85644

CVE ID: CVE-2015-3158
