RHSA-2014:1904HighCVSS 4.8
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update
🔗 CVE IDs covered (7)
📋 Description
CVE-2012-6153 — CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-2035 — HawtJNI: predictable temporary file name leading to local arbitrary code execution CVE-2014-0059 — JBossSX/PicketBox: World readable audit.log file CVE-2014-0227 — Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter CVE-2014-3481 — JAX-RS: Information disclosure via XML eXternal Entity (XXE) CVE-2014-3490 — RESTEasy: XXE via parameter entities CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2014:1904
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em&downloadType=securityPatches&version=3.3.0
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=958618
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1063642
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1105242
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1107901
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129916
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1904.json