RHSA-2014:0895Medium
Red Hat Security Advisory: Red Hat JBoss Data Grid 6.3.0 update
🔗 CVE IDs covered (7)
📋 Description
CVE-2014-0058 — EAP6: Plain text password logging during security audit CVE-2014-0059 — JBossSX/PicketBox: World readable audit.log file CVE-2014-0075 — Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter CVE-2014-0096 — Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs CVE-2014-0099 — Tomcat/JBossWeb: Request smuggling via malicious content length header CVE-2014-0119 — Tomcat/JBossWeb: XML parser hijack by malicious web application CVE-2014-3481 — JAX-RS: Information disclosure via XML eXternal Entity (XXE)
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2014:0895
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=distributions
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1063641
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1063642
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1072776
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088342
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1102030
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1102038
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0895.json