RHSA-2015:0850HighCVSS 4.8

Red Hat Security Advisory: Red Hat JBoss BRMS 6.1.0 update

Published
April 16, 2015
Last Modified
June 27, 2026

🔗 CVE IDs covered (16)

📋 Description

CVE-2012-6153 — CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-2133 — WS: EJB3 role restrictions are not applied to jaxws handlers CVE-2013-4517 — Java: Java XML Signature DoS Attack CVE-2013-7397 — async-http-client: SSL/TLS certificate verification is disabled under certain conditions CVE-2013-7398 — async-http-client: missing hostname verification for SSL certificates CVE-2014-0034 — CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid CVE-2014-0035 — CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy CVE-2014-0059 — JBossSX/PicketBox: World readable audit.log file CVE-2014-0109 — CXF: HTML content posted to SOAP endpoint could cause OOM errors CVE-2014-0110 — CXF: Large invalid content could cause temporary space to fill CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3623 — CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods CVE-2014-7827 — Security: Wrong security context loaded when using SAML2 STS Login Module CVE-2014-7839 — RESTeasy: External entities expanded by DocumentProvider CVE-2014-8122 — Weld: Limited information disclosure via stale thread state CVE-2014-8125 — jBPM: BPMN2 file processing XXE in Process Execution

🔗 References (21)