Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.3 security update
🔗 CVE IDs covered (20)
📋 Description
CVE-2012-6153 — CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-4002 — OpenJDK: XML parsing Denial of Service (JAXP, 8017298) CVE-2013-5855 — JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions CVE-2014-0005 — PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application CVE-2014-0075 — Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter CVE-2014-0096 — Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs CVE-2014-0099 — Tomcat/JBossWeb: Request smuggling via malicious content length header CVE-2014-0119 — Tomcat/JBossWeb: XML parser hijack by malicious web application CVE-2014-0193 — netty: DoS via memory exhaustion during data aggregation CVE-2014-0227 — Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter CVE-2014-3472 — Security: Invalid EJB caller role check implementation CVE-2014-3490 — RESTEasy: XXE via parameter entities CVE-2014-3530 — PicketLink: XXE via insecure DocumentBuilderFactory usage CVE-2014-3558 — Validator: JSM bypass via ReflectionHelper CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3578 — Framework: Directory traversal CVE-2014-3625 — Framework: directory traversal flaw CVE-2014-3682 — jbpm-designer: XXE in BPMN2 import CVE-2014-8114 — UberFire: Information disclosure and RCE via insecure file upload/download servlets CVE-2014-8115 — Workbench: Insufficient authorization constraints
🔗 References (24)
- selfhttps://access.redhat.com/errata/RHSA-2015:0234
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite&downloadType=distributions&version=6.0.3
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1019176
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1049736
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1065139
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1072776
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1088342
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1092783
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1102030
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1102038
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1103815
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1107901
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1109196
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1112987
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1120495
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129916
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1131882
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1148260
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1165936
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1169544
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1169545
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0234.json