RHEL 5 : JBoss EAP (RHSA-2014:1286)
Medium Nessus Plugin ID 77827
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated packages that provide Red Hat JBoss Enterprise Application Platform 6.3.1 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager. (CVE-2014-3558)
This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. A list of these changes is available from the JBoss Enterprise Application Platform 6.3.1 Downloads page on the Customer Portal.
All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
SolutionUpdate the affected packages.