The remote Red Hat host is missing a security update.
The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues : - Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks. (CVE-2012-3499) - Flaws in the web interface of the mod_proxy_balancer module can allow a remote attacker to perform XSS attacks. (CVE-2012-4558) - A flaw in mod_rewrite can allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862) - A flaw in the method by which the mod_dav module handles merge requests can allow an attacker to create a denial of service by sending a crafted merge request that contains URIs that are not configured for DAV. (CVE-2013-1896) - A flaw in PicketBox can allow local users to obtain the admin encryption key by reading the Vault data file. (CVE-2013-1921) - A flaw in Apache Santuario XML Security can allow context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak algorithm. (CVE-2013-2172) - A flaw in JGroup's DiagnosticsHandler can allow remote attackers to obtain sensitive information and execute arbitrary code by re-using valid credentials. (CVE-2013-4112)
Upgrade the installed JBoss Enterprise Application Platform 6.1.0 to 6.1.1 or later.