RHSA-2015:1888HighCVSS 4.8
Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2012-6153 — CXF: SSL hostname verification bypass, incomplete CVE-2012-5783 fix CVE-2013-7285 — XStream: remote code execution due to insecure XML deserialization CVE-2014-0107 — Xalan-Java: insufficient constraints in secure processing feature CVE-2014-0248 — Seam: RCE via unsafe logging in AuthenticationFilter CVE-2014-3530 — PicketLink: XXE via insecure DocumentBuilderFactory usage CVE-2014-3577 — CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3604 — SSL: Hostname verification susceptible to MITM attack
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2015:1888
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=5.3.1+GA
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1051277
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1080248
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1101619
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1112987
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1129916
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1131803
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1888.json