RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638)

critical Nessus Plugin ID 140390

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3638 advisory.

- hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

- jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)

- dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

- Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)

- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)

- wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

- wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

- wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

- wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

- wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service (CVE-2020-14307)

- resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

- EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

- Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)

- Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)

- jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

- jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

- jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

- jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/CVE-2019-14900

https://access.redhat.com/security/cve/CVE-2020-1695

https://access.redhat.com/security/cve/CVE-2020-1710

https://access.redhat.com/security/cve/CVE-2020-1748

https://access.redhat.com/security/cve/CVE-2020-6950

https://access.redhat.com/security/cve/CVE-2020-8840

https://access.redhat.com/security/cve/CVE-2020-9546

https://access.redhat.com/security/cve/CVE-2020-9547

https://access.redhat.com/security/cve/CVE-2020-9548

https://access.redhat.com/security/cve/CVE-2020-10672

https://access.redhat.com/security/cve/CVE-2020-10673

https://access.redhat.com/security/cve/CVE-2020-10683

https://access.redhat.com/security/cve/CVE-2020-10687

https://access.redhat.com/security/cve/CVE-2020-10693

https://access.redhat.com/security/cve/CVE-2020-10714

https://access.redhat.com/security/cve/CVE-2020-10718

https://access.redhat.com/security/cve/CVE-2020-10740

https://access.redhat.com/security/cve/CVE-2020-14297

https://access.redhat.com/security/cve/CVE-2020-14307

https://access.redhat.com/errata/RHSA-2020:3638

https://bugzilla.redhat.com/1666499

https://bugzilla.redhat.com/1694235

https://bugzilla.redhat.com/1730462

https://bugzilla.redhat.com/1785049

https://bugzilla.redhat.com/1793970

https://bugzilla.redhat.com/1805006

https://bugzilla.redhat.com/1805501

https://bugzilla.redhat.com/1807707

https://bugzilla.redhat.com/1815470

https://bugzilla.redhat.com/1815495

https://bugzilla.redhat.com/1816330

https://bugzilla.redhat.com/1816332

https://bugzilla.redhat.com/1816337

https://bugzilla.redhat.com/1816340

https://bugzilla.redhat.com/1825714

https://bugzilla.redhat.com/1828476

https://bugzilla.redhat.com/1834512

https://bugzilla.redhat.com/1851327

https://bugzilla.redhat.com/1853595

Plugin Details

Severity: Critical

ID: 140390

File Name: redhat-RHSA-2020-3638.nasl

Version: 1.9

Type: local

Agent: unix

Published: 9/8/2020

Updated: 2/21/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-8840

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-9548

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:eap7-dom4j, p-cpe:/a:redhat:enterprise_linux:eap7-glassfish-jsf, p-cpe:/a:redhat:enterprise_linux:eap7-hal-console, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-core, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-entitymanager, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-envers, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-java8, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator, p-cpe:/a:redhat:enterprise_linux:eap7-hibernate-validator-cdi, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc, p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator, p-cpe:/a:redhat:enterprise_linux:eap7-jackson-databind, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap6.4-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.1-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly10.1-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly11.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly12.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly8.2-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-jboss-server-migration-wildfly9.0-to-eap7.2, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client-microprofile, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11, p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider, p-cpe:/a:redhat:enterprise_linux:eap7-undertow, p-cpe:/a:redhat:enterprise_linux:eap7-undertow-server, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-impl, p-cpe:/a:redhat:enterprise_linux:eap7-weld-core-jsf, p-cpe:/a:redhat:enterprise_linux:eap7-weld-ejb, p-cpe:/a:redhat:enterprise_linux:eap7-weld-jta, p-cpe:/a:redhat:enterprise_linux:eap7-weld-probe-core, p-cpe:/a:redhat:enterprise_linux:eap7-weld-web, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-elytron, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules, p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-transaction-client

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/7/2020

Vulnerability Publication Date: 2/10/2020

Reference Information

CVE: CVE-2019-14900, CVE-2020-10672, CVE-2020-10673, CVE-2020-10683, CVE-2020-10687, CVE-2020-10693, CVE-2020-10714, CVE-2020-10718, CVE-2020-10740, CVE-2020-14297, CVE-2020-14307, CVE-2020-1695, CVE-2020-1710, CVE-2020-1748, CVE-2020-6950, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548

CWE: 113, 20, 22, 285, 384, 400, 404, 444, 502, 611, 74, 749, 89, 96

IAVA: 2020-A-0019, 2020-A-0324, 2020-A-0326, 2021-A-0032, 2021-A-0035-S, 2021-A-0196, 2021-A-0326, 2021-A-0328

RHSA: 2020:3638