RHEL 6 : JBoss EAP (RHSA-2014:0563)
Low Nessus Plugin ID 74206
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information.
A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. (CVE-2014-0059)
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.
Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.2.3 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.2 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
SolutionUpdate the affected packages.