RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 7 (RHSA-2020:2059)

critical Nessus Plugin ID 136498

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2059 advisory.

- jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

- cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

- cxf: reflected XSS in the services listing page (CVE-2019-17573)

- undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

- undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

- Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)

- SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)

- Soteria: security identity corruption across concurrent threads (CVE-2020-1732)

- undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

- undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)

- cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/CVE-2019-10172

https://access.redhat.com/security/cve/CVE-2019-12423

https://access.redhat.com/security/cve/CVE-2019-17573

https://access.redhat.com/security/cve/CVE-2020-1719

https://access.redhat.com/security/cve/CVE-2020-1729

https://access.redhat.com/security/cve/CVE-2020-1732

https://access.redhat.com/security/cve/CVE-2020-1745

https://access.redhat.com/security/cve/CVE-2020-1757

https://access.redhat.com/security/cve/CVE-2020-7226

https://access.redhat.com/security/cve/CVE-2020-10705

https://access.redhat.com/security/cve/CVE-2020-10719

https://access.redhat.com/errata/RHSA-2020:2059

https://bugzilla.redhat.com/1715075

https://bugzilla.redhat.com/1752770

https://bugzilla.redhat.com/1796617

https://bugzilla.redhat.com/1797006

https://bugzilla.redhat.com/1797011

https://bugzilla.redhat.com/1801380

https://bugzilla.redhat.com/1801726

https://bugzilla.redhat.com/1802444

https://bugzilla.redhat.com/1803241

https://bugzilla.redhat.com/1807305

https://bugzilla.redhat.com/1828459

Plugin Details

Severity: Critical

ID: 136498

File Name: redhat-RHSA-2020-2059.nasl

Version: 1.11

Type: local

Agent: unix

Published: 5/12/2020

Updated: 3/12/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-1745

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-cli, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-commons, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-core-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-dto, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hornetq-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-hqclient-protocol, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jdbc-store, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-client, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-jms-server, p-cpe:/a:redhat:enterprise_linux:eap7-jasypt, p-cpe:/a:redhat:enterprise_linux:eap7-javaee-security-soteria, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-journal, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-ra, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-selector, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-server, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-service-extensions, p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-tools, p-cpe:/a:redhat:enterprise_linux:eap7-javaee-security-soteria-enterprise, p-cpe:/a:redhat:enterprise_linux:eap7-jaxbintros, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jgroups, p-cpe:/a:redhat:enterprise_linux:eap7-jgroups-azure, p-cpe:/a:redhat:enterprise_linux:eap7-jgroups-kubernetes, p-cpe:/a:redhat:enterprise_linux:eap7-mod_cluster, p-cpe:/a:redhat:enterprise_linux:eap7-narayana, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-compensations, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-idlj, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-jts-integration, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-api, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-bridge, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-integration, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-restat-util, p-cpe:/a:redhat:enterprise_linux:eap7-narayana-txframework, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-rt, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-services, p-cpe:/a:redhat:enterprise_linux:eap7-apache-cxf-tools, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-mail, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-pkix, p-cpe:/a:redhat:enterprise_linux:eap7-bouncycastle-prov, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-core-asl, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-mapper-asl, p-cpe:/a:redhat:enterprise_linux:eap7-codehaus-jackson-xc, p-cpe:/a:redhat:enterprise_linux:eap7-cryptacular, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-el, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-el-impl, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-javamail, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf, p-cpe:/a:redhat:enterprise_linux:eap7-hal-console, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-commons-annotations, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-backend-jgroups, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-backend-jms, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-engine, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-orm, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-search-serialization-avro, p-cpe:/a:redhat:enterprise_linux:eap7-httpcomponents-client, p-cpe:/a:redhat:enterprise_linux:eap7-httpcomponents-core, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-saml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-security-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-security-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-soap-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-saml-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xacml-saml-impl, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xmlsec-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-xmlsec-impl, p-cpe:/a:redhat:enterprise_linux:eap7-picketbox, p-cpe:/a:redhat:enterprise_linux:eap7-picketbox-infinispan, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client-microprofile, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-config, p-cpe:/a:redhat:enterprise_linux:eap7-smallrye-health, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-weld-cdi-2.0-api, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-naming-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client, p-cpe:/a:redhat:enterprise_linux:eap7-ws-commons-xmlschema, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-bindings, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-policy, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-common, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-dom, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-policy-stax, p-cpe:/a:redhat:enterprise_linux:eap7-wss4j-ws-security-stax, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-core, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-profile-api, p-cpe:/a:redhat:enterprise_linux:eap7-opensaml-saml-api

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2020

Vulnerability Publication Date: 11/18/2019

Reference Information

CVE: CVE-2019-10172, CVE-2019-12423, CVE-2019-17573, CVE-2020-10705, CVE-2020-10719, CVE-2020-1719, CVE-2020-1729, CVE-2020-1732, CVE-2020-1745, CVE-2020-1757, CVE-2020-7226

CWE: 20, 200, 270, 284, 285, 400, 444, 522, 611, 770, 79, 863

RHSA: 2020:2059