RHEL 7 : JBoss EAP (RHSA-2015:1671)
Medium Nessus Plugin ID 112240
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn updated Red Hat JBoss Enterprise Application Platform 6.4.3 package that fixes a security issue, several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 7.
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.2 and includes bug fixes and enhancements.
Documentation for these changes is available from the Red Hat JBoss Enterprise Application Platform 6.4.3 Release Notes, linked to in the References.
It was discovered that under specific conditions that PicketLink IDP ignores role based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role. (CVE-2015-3158)
All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements. The JBoss server process must be restarted for the update to take effect.
SolutionUpdate the affected packages.