Red Hat Security Advisory: Red Hat JBoss Fuse 6.1.0 update
🔗 CVE IDs covered (12)
📋 Description
CVE-2013-1624 — bouncycastle: TLS CBC padding timing attack CVE-2013-2035 — HawtJNI: predictable temporary file name leading to local arbitrary code execution CVE-2013-2172 — Java: XML signature spoofing CVE-2013-2192 — hadoop: man-in-the-middle vulnerability CVE-2013-4152 — Framework: XML External Entity (XXE) injection flaw CVE-2013-4517 — Java: Java XML Signature DoS Attack CVE-2013-6429 — Framework: XML External Entity (XXE) injection flaw CVE-2013-6430 — Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters CVE-2014-0050 — apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream CVE-2014-0054 — Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429 CVE-2014-1904 — Framework: cross-site scripting flaw when using Spring MVC CVE-2014-3584 — CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens
🔗 References (16)
- selfhttps://access.redhat.com/errata/RHSA-2014:0400
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0
- externalhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=958618
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=999263
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1000186
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1001326
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1039783
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1045257
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053290
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1062337
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1067265
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1075296
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1075328
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0400.json