RHSA-2015:1177HighCVSS 4.8
Red Hat Security Advisory: Red Hat JBoss A-MQ 6.2.0 update
🔗 CVE IDs covered (4)
📋 Description
CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2015-0226 — wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) CVE-2015-0227 — wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property CVE-2015-1796 — Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2015:1177
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq&downloadType=distributions&version=6.2.0
- externalhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_A-MQ/
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1191446
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1191451
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1196619
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1205112
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1177.json