Red Hat Security Advisory: Red Hat JBoss Fuse 6.2.0 update
🔗 CVE IDs covered (10)
📋 Description
CVE-2013-7397 — async-http-client: SSL/TLS certificate verification is disabled under certain conditions CVE-2013-7398 — async-http-client: missing hostname verification for SSL certificates CVE-2014-0363 — smack: incorrect X.509 certificate validation CVE-2014-0364 — smack: IQ response spoofing CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-5075 — smack: MitM vulnerability CVE-2015-0226 — wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) CVE-2015-0227 — wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property CVE-2015-1796 — Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation CVE-2016-3088 — activemq: Fileserver web application vulnerability allowing RCE
🔗 References (16)
- selfhttps://access.redhat.com/errata/RHSA-2015:1176
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.2.0
- externalhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1093273
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1093276
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1112877
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1127276
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1133769
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1133773
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1191446
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1191451
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1196619
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205112
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1176.json