Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.1.0 update
🔗 CVE IDs covered (16)
📋 Description
CVE-2012-6153 — CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-2133 — WS: EJB3 role restrictions are not applied to jaxws handlers CVE-2013-4517 — Java: Java XML Signature DoS Attack CVE-2013-7397 — async-http-client: SSL/TLS certificate verification is disabled under certain conditions CVE-2013-7398 — async-http-client: missing hostname verification for SSL certificates CVE-2014-0034 — CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid CVE-2014-0035 — CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy CVE-2014-0059 — JBossSX/PicketBox: World readable audit.log file CVE-2014-0109 — CXF: HTML content posted to SOAP endpoint could cause OOM errors CVE-2014-0110 — CXF: Large invalid content could cause temporary space to fill CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3623 — CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods CVE-2014-7827 — Security: Wrong security context loaded when using SAML2 STS Login Module CVE-2014-7839 — RESTeasy: External entities expanded by DocumentProvider CVE-2014-8122 — Weld: Limited information disclosure via stale thread state CVE-2014-8125 — jBPM: BPMN2 file processing XXE in Process Execution
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2015:0851
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite&downloadType=distributions&version=6.1.0
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=969924
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1045257
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1063642
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1093526
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1093527
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1093529
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1093530
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129916
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1133769
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1133773
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1157304
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1160574
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1165328
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1169237
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1169553
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0851.json