Action not permitted
Modal body text goes here.
CVE-2013-4152
Vulnerability from cvelistv5
Published
2014-01-23 21:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/spring-projects/spring-framework/pull/317/files" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "name": "61951", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61951" }, { "name": "20131102 XXE Injection in Spring Framework", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2013/Nov/14" }, { "name": "RHSA-2014:0254", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html" }, { "name": "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/bugtraq/2013/Aug/154" }, { "name": "DSA-2842", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2842" }, { "name": "RHSA-2014:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "name": "RHSA-2014:0400", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "name": "RHSA-2014:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html" }, { "name": "57915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57915" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://jira.springsource.org/browse/SPR-10806" }, { "name": "56247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56247" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/spring-projects/spring-framework/pull/317/files" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "name": "61951", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61951" }, { "name": "20131102 XXE Injection in Spring Framework", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2013/Nov/14" }, { "name": "RHSA-2014:0254", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html" }, { "name": "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/bugtraq/2013/Aug/154" }, { "name": "DSA-2842", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2842" }, { "name": "RHSA-2014:0212", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "name": "RHSA-2014:0400", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "name": "RHSA-2014:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html" }, { "name": "57915", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57915" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://jira.springsource.org/browse/SPR-10806" }, { "name": "56247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56247" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/spring-projects/spring-framework/pull/317/files", "refsource": "CONFIRM", "url": "https://github.com/spring-projects/spring-framework/pull/317/files" }, { "name": "http://www.gopivotal.com/security/cve-2013-4152", "refsource": "CONFIRM", "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "name": "61951", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61951" }, { "name": "20131102 XXE Injection in Spring Framework", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Nov/14" }, { "name": "RHSA-2014:0254", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html" }, { "name": "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2013/Aug/154" }, { "name": "DSA-2842", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2842" }, { "name": "RHSA-2014:0212", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "name": "RHSA-2014:0400", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "name": "RHSA-2014:0245", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html" }, { "name": "57915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57915" }, { "name": "https://jira.springsource.org/browse/SPR-10806", "refsource": "CONFIRM", "url": "https://jira.springsource.org/browse/SPR-10806" }, { "name": "56247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56247" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4152", "datePublished": "2014-01-23T21:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:30:49.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2013-4152\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-01-23T21:55:04.853\",\"lastModified\":\"2022-04-11T17:36:29.913\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.\"},{\"lang\":\"es\",\"value\":\"El wrapper Spring OXM en Spring Framework anterior a la versi\u00f3n 3.2.4 y 4.0.0.M1, cuando se usa el JAXB marshaller, no desactiva la resoluci\u00f3n de entidad, lo que permite a atacantes dependientes del contexto leer archivos arbitrarios, provocar una denegaci\u00f3n de servicio, o llevar a cabo ataques de CSRF a trav\u00e9s de una declaraci\u00f3n de entidad XML externa en conjunci\u00f3n con una referencia de entidad en (1) DOMSource, (2) StAXSource, (3) SAXSource, o (4) StreamSource, tambi\u00e9n conocido como una vulnerabilidad XXE.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62111DAE-3E05-4D95-8B34-E2EFB6142DCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"13E1344C-CB41-48FC-BB98-7FEBEBF190E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:m2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD66E687-C387-486D-AC34-279961311A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:m3:*:*:*:*:*:*\",\"matchCriteriaId\":\"49018DD7-9E85-4B4D-B054-CD17EFB13E87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:m4:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FC3F37-A033-491B-96F0-8B38E2E43BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"12021339-C885-4A9E-95C1-4695F3DC1F76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FB321B9-4838-4AAC-B8AF-C92015C946A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC19AE9E-B46C-4872-B562-E97DC80543F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0.m1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F4893D-61E6-4E7F-A30A-3AB96264531B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.0.m2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7F99079-D584-456B-A116-62D10FBF8233\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A9F796E-340B-4FF5-9322-94E57D7BCEE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8BA17FD-BC52-4D84-9753-5D41D3BC35B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"637484A7-AB05-4F64-9311-6741BDF2579F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAE5CFA5-769F-49E9-A7A9-56C8CED8692E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:springsource:spring_framework:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528C85CE-2CC6-4B09-8C25-44A2B1C2D8B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.3\",\"matchCriteriaId\":\"EB86A413-9595-4BD1-A5FD-1A62B93EA1C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9D5172D-5E19-40C1-8C1B-CC22706E780D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E410D2-DA53-4806-B296-451C3D9CDEEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20D6E5AC-9898-416F-8268-3623E1706072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B61F3E25-A415-4A25-91D6-4FBA6F575AAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2C4C81-2E79-411C-AEB8-A5E40FC28D31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"010915FE-3BCE-4652-8D8B-47EE085F3BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D16C8EFA-F1E4-48C3-BC86-A132873426C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47CED0ED-D67E-48AF-BB1A-EB1030897A8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2E2EA60-735E-431E-BEFE-DC5C1046E532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFD1FA92-7BFC-4874-89FC-BE0F378F0DB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:4.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD20A2BE-2024-4DAA-825E-213ACB667DE9\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0212.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0245.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0254.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0400.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/bugtraq/2013/Aug/154\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2013/Nov/14\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/56247\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57915\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2014/dsa-2842\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.gopivotal.com/security/cve-2013-4152\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/61951\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/spring-projects/spring-framework/pull/317/files\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://jira.springsource.org/browse/SPR-10806\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]}]}}" } }
rhsa-2014_0212
Vulnerability from csaf_redhat
Published
2014-02-25 16:41
Modified
2024-11-22 07:29
Summary
Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Notes
Topic
Red Hat JBoss SOA Platform 5.3.1 roll up patch 4, which fixes two security
issues and various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss SOA Platform is the next-generation ESB and business process
automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage
existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and
CEP) integration methodologies to dramatically improve business process
execution speed and quality.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA
Platform 5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially-crafted XML signature block. (CVE-2013-2172)
It was discovered that the Spring OXM wrapper did not expose any property
for disabling entity resolution when using the JAXB unmarshaller. A remote
attacker could use this flaw to conduct XML External Entity (XXE) attacks
on web sites, and read files in the context of the user running the
application server. The patch for this flaw disables external entity
processing by default, and provides a configuration directive to re-enable
it. (CVE-2013-4152)
Warning: Before applying the update, back up your existing Red Hat JBoss
SOA Platform installation (including its databases, applications,
configuration files, and so on).
All users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red Hat
Customer Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss SOA Platform 5.3.1 roll up patch 4, which fixes two security\nissues and various bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss SOA Platform is the next-generation ESB and business process\nautomation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage\nexisting (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and\nCEP) integration methodologies to dramatically improve business process\nexecution speed and quality.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA\nPlatform 5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially-crafted XML signature block. (CVE-2013-2172)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. The patch for this flaw disables external entity\nprocessing by default, and provides a configuration directive to re-enable\nit. (CVE-2013-4152)\n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red Hat\nCustomer Portal are advised to apply this roll up patch.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0212", "url": "https://access.redhat.com/errata/RHSA-2014:0212" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.3.1+GA", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.3.1+GA" }, { "category": "external", "summary": "999263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263" }, { "category": "external", "summary": "1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0212.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update", "tracking": { "current_release_date": "2024-11-22T07:29:22+00:00", "generator": { "date": "2024-11-22T07:29:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2014:0212", "initial_release_date": "2014-02-25T16:41:26+00:00", "revision_history": [ { "date": "2014-02-25T16:41:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:33:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T07:29:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss SOA Platform 5.3", "product": { "name": "Red Hat JBoss SOA Platform 5.3", "product_id": "Red Hat JBoss SOA Platform 5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3" } } } ], "category": "product_family", "name": "Red Hat JBoss SOA Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-2172", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "discovery_date": "2013-08-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "999263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML signature spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss SOA Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2172" }, { "category": "external", "summary": "RHBZ#999263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2172", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172" }, { "category": "external", "summary": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", "url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc" } ], "release_date": "2013-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-25T16:41:26+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform server\nby stopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss SOA\nPlatform server by starting the JBoss Application Server process.", "product_ids": [ "Red Hat JBoss SOA Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0212" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss SOA Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML signature spoofing" }, { "cve": "CVE-2013-4152", "discovery_date": "2013-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1000186" } ], "notes": [ { "category": "description", "text": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: XML External Entity (XXE) injection flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss SOA Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4152" }, { "category": "external", "summary": "RHBZ#1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4152", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4152" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-4152", "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "category": "external", "summary": "https://github.com/SpringSource/spring-framework/pull/317", "url": "https://github.com/SpringSource/spring-framework/pull/317" }, { "category": "external", "summary": "https://jira.springsource.org/browse/SPR-10806", "url": "https://jira.springsource.org/browse/SPR-10806" } ], "release_date": "2013-08-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-25T16:41:26+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss SOA Platform installation (including its databases,\napplications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss SOA Platform server\nby stopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the Red Hat JBoss SOA\nPlatform server by starting the JBoss Application Server process.", "product_ids": [ "Red Hat JBoss SOA Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0212" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss SOA Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: XML External Entity (XXE) injection flaw" } ] }
rhsa-2014_0401
Vulnerability from csaf_redhat
Published
2014-04-14 13:46
Modified
2024-11-22 08:11
Summary
Red Hat Security Advisory: Red Hat JBoss A-MQ 6.1.0 update
Notes
Topic
Red Hat JBoss A-MQ 6.1.0, which fixes multiple security issues, several
bugs, and adds various enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant
messaging system that is tailored for use in mission critical applications.
Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat
JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements. Refer to
the Release Notes document, available from the link in the References
section, for a list of changes.
The following security issues are resolved with this update:
A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle
attacker could possibly use this flaw to unilaterally disable bidirectional
authentication between a client and a server, forcing a downgrade to simple
(unidirectional) authentication. This flaw only affected users who have
enabled Hadoop's Kerberos security features. (CVE-2013-2192)
It was discovered that the Spring OXM wrapper did not expose any property
for disabling entity resolution when using the JAXB unmarshaller. A remote
attacker could use this flaw to conduct XML External Entity (XXE) attacks
on web sites, and read files in the context of the user running the
application server. The patch for this flaw disables external entity
processing by default, and provides a configuration directive to re-enable
it. (CVE-2013-4152)
It was found that the Spring MVC SourceHttpMessageConverter enabled entity
resolution by default. A remote attacker could use this flaw to conduct XXE
attacks on web sites, and read files in the context of the user running the
application server. The patch for this flaw disables external entity
processing by default, and introduces a property to re-enable it.
(CVE-2013-6429)
The Spring JavaScript escape method insufficiently escaped some characters.
Applications using this method to escape user-supplied content, which would
be rendered in HTML5 documents, could be exposed to cross-site scripting
(XSS) flaws. (CVE-2013-6430)
A denial of service flaw was found in the way Apache Commons FileUpload
handled small-sized buffers used by MultipartStream. A remote attacker
could use this flaw to create a malformed Content-Type header for a
multipart request, causing Apache Commons FileUpload to enter an infinite
loop when processing such an incoming request. (CVE-2014-0050)
It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues
in Spring were incomplete. Spring MVC processed user-provided XML and
neither disabled XML external entities nor provided an option to disable
them, possibly allowing a remote attacker to conduct XXE attacks.
(CVE-2014-0054)
A cross-site scripting (XSS) flaw was found in the Spring Framework when
using Spring MVC. When the action was not specified in a Spring form, the
action field would be populated with the requested URI, allowing an
attacker to inject malicious content into the form. (CVE-2014-1904)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp when the native libraries were bundled in a JAR file, and no custom
library path was specified. A local attacker could overwrite these native
libraries with malicious versions during the window between when HawtJNI
writes them and when they are executed. (CVE-2013-2035)
An information disclosure flaw was found in the way Apache Zookeeper stored
the password of an administrative user in the log files. A local user with
access to these log files could use the exposed sensitive information to
gain administrative access to an application using Apache Zookeeper.
(CVE-2014-0085)
The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and
Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035
issue was discovered by Florian Weimer of the Red Hat Product Security
Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of
Red Hat.
All users of Red Hat JBoss A-MQ 6.0.0 as provided from the Red Hat Customer
Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss A-MQ 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications.\n\nRed Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat\nJBoss A-MQ 6.0.0 and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes.\n\nThe following security issues are resolved with this update:\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. The patch for this flaw disables external entity\nprocessing by default, and provides a configuration directive to re-enable\nit. (CVE-2013-4152)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. The patch for this flaw disables external entity\nprocessing by default, and introduces a property to re-enable it.\n(CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters.\nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing Apache Commons FileUpload to enter an infinite\nloop when processing such an incoming request. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks.\n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper.\n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat.\n\nAll users of Red Hat JBoss A-MQ 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0401", "url": "https://access.redhat.com/errata/RHSA-2014:0401" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq\u0026downloadType=distributions\u0026version=6.1.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq\u0026downloadType=distributions\u0026version=6.1.0" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_A-MQ/", "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_A-MQ/" }, { "category": "external", "summary": "958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "1001326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326" }, { "category": "external", "summary": "1039783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039783" }, { "category": "external", "summary": "1053290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053290" }, { "category": "external", "summary": "1062337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337" }, { "category": "external", "summary": "1067265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067265" }, { "category": "external", "summary": "1075296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075296" }, { "category": "external", "summary": "1075328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075328" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0401.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss A-MQ 6.1.0 update", "tracking": { "current_release_date": "2024-11-22T08:11:43+00:00", "generator": { "date": "2024-11-22T08:11:43+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2014:0401", "initial_release_date": "2014-04-14T13:46:41+00:00", "revision_history": [ { "date": "2014-04-14T13:46:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:33:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T08:11:43+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss A-MQ 6.1", "product": { "name": "Red Hat JBoss A-MQ 6.1", "product_id": "Red Hat JBoss A-MQ 6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_amq:6.1.0" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-1624", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908428" } ], "notes": [ { "category": "description", "text": "It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: TLS CBC padding timing attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1624" }, { "category": "external", "summary": "RHBZ#908428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908428" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1624", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1624" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: TLS CBC padding timing attack" }, { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-2035", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "958618" } ], "notes": [ { "category": "description", "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2035" }, { "category": "external", "summary": "RHBZ#958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035" } ], "release_date": "2013-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution" }, { "cve": "CVE-2013-2192", "discovery_date": "2013-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1001326" } ], "notes": [ { "category": "description", "text": "The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "hadoop: man-in-the-middle vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2192" }, { "category": "external", "summary": "RHBZ#1001326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2192", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2192" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192" } ], "release_date": "2013-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hadoop: man-in-the-middle vulnerability" }, { "cve": "CVE-2013-4152", "discovery_date": "2013-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1000186" } ], "notes": [ { "category": "description", "text": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: XML External Entity (XXE) injection flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4152" }, { "category": "external", "summary": "RHBZ#1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4152", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4152" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-4152", "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "category": "external", "summary": "https://github.com/SpringSource/spring-framework/pull/317", "url": "https://github.com/SpringSource/spring-framework/pull/317" }, { "category": "external", "summary": "https://jira.springsource.org/browse/SPR-10806", "url": "https://jira.springsource.org/browse/SPR-10806" } ], "release_date": "2013-08-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: XML External Entity (XXE) injection flaw" }, { "cve": "CVE-2013-6429", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2014-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1053290" } ], "notes": [ { "category": "description", "text": "The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: XML External Entity (XXE) injection flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6429" }, { "category": "external", "summary": "RHBZ#1053290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053290" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6429", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6429" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6429", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6429" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-6429", "url": "http://www.gopivotal.com/security/cve-2013-6429" } ], "release_date": "2014-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: XML External Entity (XXE) injection flaw" }, { "acknowledgments": [ { "names": [ "Jon Passki" ], "organization": "Coverity SRL" }, { "names": [ "Arun Neelicattu" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6430", "discovery_date": "2013-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1039783" } ], "notes": [ { "category": "description", "text": "The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6430" }, { "category": "external", "summary": "RHBZ#1039783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6430", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6430" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6430", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6430" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-6430", "url": "http://www.gopivotal.com/security/cve-2013-6430" } ], "release_date": "2014-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters" }, { "cve": "CVE-2014-0050", "discovery_date": "2014-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1062337" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0050" }, { "category": "external", "summary": "RHBZ#1062337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0050", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0050" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050" } ], "release_date": "2014-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream" }, { "cve": "CVE-2014-0054", "discovery_date": "2014-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1075328" } ], "notes": [ { "category": "description", "text": "The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. OpenShift Enterprise 1 is currently in the Production 1 phase of its lifecycle, as such this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle: https://access.redhat.com/site/support/policy/updates/openshift page.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0054" }, { "category": "external", "summary": "RHBZ#1075328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075328" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0054", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0054" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0054", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0054" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2014-0054", "url": "http://www.gopivotal.com/security/cve-2014-0054" } ], "release_date": "2014-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429" }, { "acknowledgments": [ { "names": [ "Graeme Colman" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0085", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "discovery_date": "2014-02-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1067265" } ], "notes": [ { "category": "description", "text": "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. This issue is a vulnerability in JBoss Fuse\u0027s usage of Apache Zookeeper, not in Zookeeper itself as was previously stated.", "title": "Vulnerability description" }, { "category": "summary", "text": "Fuse: admin user cleartext password appears in logging", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects Apache Zookeeper in conjunction with Fuse Fabric. Fuse Fabric was storing cleartext passwords, which would appear as cleartext in Apache Zookeeper\u0027s log files. Fuse Fabric now encrypts passwords by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0085" }, { "category": "external", "summary": "RHBZ#1067265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067265" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0085" } ], "release_date": "2014-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Fuse: admin user cleartext password appears in logging" }, { "cve": "CVE-2014-1904", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2014-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1075296" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: cross-site scripting flaw when using Spring MVC", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. OpenShift Enterprise 1 is currently in the Production 1 phase of its lifecycle, as such this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle: https://access.redhat.com/site/support/policy/updates/openshift page.\n\nFuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss A-MQ 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-1904" }, { "category": "external", "summary": "RHBZ#1075296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-1904", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1904" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2014-1904", "url": "http://www.gopivotal.com/security/cve-2014-1904" } ], "release_date": "2014-02-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:41+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss A-MQ 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss A-MQ 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: cross-site scripting flaw when using Spring MVC" } ] }
rhsa-2014_0254
Vulnerability from csaf_redhat
Published
2014-03-05 19:05
Modified
2024-11-22 07:38
Summary
Red Hat Security Advisory: activemq security update
Notes
Topic
An updated activemq package that fixes multiple security issues is now
available for Red Hat OpenShift Enterprise 1.2.7.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Apache ActiveMQ provides a SOA infrastructure to connect processes across
heterogeneous systems.
A flaw was found in Apache Camel's parsing of the FILE_NAME header.
A remote attacker able to submit messages to a Camel route, which would
write the provided message to a file, could provide expression language
(EL) expressions in the FILE_NAME header, which would be evaluated on the
server. This could lead to arbitrary remote code execution in the context
of the Camel server process. (CVE-2013-4330)
It was found that the Apache Camel XSLT component allowed XSL stylesheets
to call external Java methods. A remote attacker able to submit messages to
a Camel route could use this flaw to perform arbitrary remote code
execution in the context of the Camel server process. (CVE-2014-0003)
It was discovered that the Spring OXM wrapper did not expose any property
for disabling entity resolution when using the JAXB unmarshaller. A remote
attacker could use this flaw to conduct XML External Entity (XXE) attacks
on web sites, and read files in the context of the user running the
application server. The patch for this flaw disables external entity
processing by default, and provides a configuration directive to re-enable
it. (CVE-2013-4152)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat
Product Security Team, and the CVE-2014-0003 issue was discovered by David
Jorm of the Red Hat Security Response Team.
All users of Red Hat OpenShift Enterprise 1.2.7 are advised to upgrade to
this updated package, which corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated activemq package that fixes multiple security issues is now\navailable for Red Hat OpenShift Enterprise 1.2.7.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Apache ActiveMQ provides a SOA infrastructure to connect processes across\nheterogeneous systems.\n\nA flaw was found in Apache Camel\u0027s parsing of the FILE_NAME header.\nA remote attacker able to submit messages to a Camel route, which would\nwrite the provided message to a file, could provide expression language\n(EL) expressions in the FILE_NAME header, which would be evaluated on the\nserver. This could lead to arbitrary remote code execution in the context\nof the Camel server process. (CVE-2013-4330)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. A remote attacker able to submit messages to\na Camel route could use this flaw to perform arbitrary remote code\nexecution in the context of the Camel server process. (CVE-2014-0003)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. The patch for this flaw disables external entity\nprocessing by default, and provides a configuration directive to re-enable\nit. (CVE-2013-4152)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nThe CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat\nProduct Security Team, and the CVE-2014-0003 issue was discovered by David\nJorm of the Red Hat Security Response Team.\n\nAll users of Red Hat OpenShift Enterprise 1.2.7 are advised to upgrade to\nthis updated package, which corrects these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0254", "url": "https://access.redhat.com/errata/RHSA-2014:0254" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "1011726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011726" }, { "category": "external", "summary": "1049692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049692" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0254.json" } ], "title": "Red Hat Security Advisory: activemq security update", "tracking": { "current_release_date": "2024-11-22T07:38:53+00:00", "generator": { "date": "2024-11-22T07:38:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2014:0254", "initial_release_date": "2014-03-05T19:05:16+00:00", "revision_history": [ { "date": "2014-03-05T19:05:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-03-05T19:05:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T07:38:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOSE Infrastructure 1.2", "product": { "name": "RHOSE Infrastructure 1.2", "product_id": "6Server-RHOSE-INFRA-1.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:1.2::el6" } } }, { "category": "product_name", "name": "Red Hat OpenShift Enterprise Node", "product": { "name": "Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE-1.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:1.2::el6" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "product": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "product_id": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328.el6op?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "product": { "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_id": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/activemq-client@5.9.0-4.redhat.610328.el6op?arch=x86_64" } } }, { "category": "product_version", "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "product": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_id": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328.el6op?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src as a component of RHOSE Infrastructure 1.2", "product_id": "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "relates_to_product_reference": "6Server-RHOSE-INFRA-1.2" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of RHOSE Infrastructure 1.2", "product_id": "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA-1.2" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of RHOSE Infrastructure 1.2", "product_id": "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA-1.2" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "relates_to_product_reference": "6Server-RHOSE-NODE-1.2" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE-1.2" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node", "product_id": "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE-1.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-2035", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "958618" } ], "notes": [ { "category": "description", "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2035" }, { "category": "external", "summary": "RHBZ#958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035" } ], "release_date": "2013-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-05T19:05:16+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0254" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution" }, { "cve": "CVE-2013-4152", "discovery_date": "2013-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1000186" } ], "notes": [ { "category": "description", "text": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: XML External Entity (XXE) injection flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4152" }, { "category": "external", "summary": "RHBZ#1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4152", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4152" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-4152", "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "category": "external", "summary": "https://github.com/SpringSource/spring-framework/pull/317", "url": "https://github.com/SpringSource/spring-framework/pull/317" }, { "category": "external", "summary": "https://jira.springsource.org/browse/SPR-10806", "url": "https://jira.springsource.org/browse/SPR-10806" } ], "release_date": "2013-08-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-05T19:05:16+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0254" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: XML External Entity (XXE) injection flaw" }, { "cve": "CVE-2013-4330", "discovery_date": "2013-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1011726" } ], "notes": [ { "category": "description", "text": "Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including \"$simple{}\" in a CamelFileName message header to a (1) FILE or (2) FTP producer.", "title": "Vulnerability description" }, { "category": "summary", "text": "Camel: remote code execution via header field manipulation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4330" }, { "category": "external", "summary": "RHBZ#1011726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011726" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4330", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4330" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4330", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4330" } ], "release_date": "2013-09-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-05T19:05:16+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0254" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Camel: remote code execution via header field manipulation" }, { "acknowledgments": [ { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0003", "discovery_date": "2014-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1049692" } ], "notes": [ { "category": "description", "text": "The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.", "title": "Vulnerability description" }, { "category": "summary", "text": "Camel: remote code execution via XSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0003" }, { "category": "external", "summary": "RHBZ#1049692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049692" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0003", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0003" }, { "category": "external", "summary": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc", "url": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc" } ], "release_date": "2014-02-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-05T19:05:16+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0254" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-1.2:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-1.2:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Camel: remote code execution via XSL" } ] }
rhsa-2014_0245
Vulnerability from csaf_redhat
Published
2014-03-03 18:25
Modified
2024-11-22 07:38
Summary
Red Hat Security Advisory: activemq security update
Notes
Topic
An updated activemq package that fixes multiple security issues is now
available for Red Hat OpenShift Enterprise 2.0.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Apache ActiveMQ provides a SOA infrastructure to connect processes across
heterogeneous systems.
A flaw was found in Apache Camel's parsing of the FILE_NAME header.
A remote attacker able to submit messages to a Camel route, which would
write the provided message to a file, could provide expression language
(EL) expressions in the FILE_NAME header, which would be evaluated on the
server. This could lead to arbitrary remote code execution in the context
of the Camel server process. (CVE-2013-4330)
It was found that the Apache Camel XSLT component allowed XSL stylesheets
to call external Java methods. A remote attacker able to submit messages to
a Camel route could use this flaw to perform arbitrary remote code
execution in the context of the Camel server process. (CVE-2014-0003)
It was discovered that the Spring OXM wrapper did not expose any property
for disabling entity resolution when using the JAXB unmarshaller. A remote
attacker could use this flaw to conduct XML External Entity (XXE) attacks
on web sites, and read files in the context of the user running the
application server. The patch for this flaw disables external entity
processing by default, and provides a configuration directive to re-enable
it. (CVE-2013-4152)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
The CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat
Product Security Team, and the CVE-2014-0003 issue was discovered by David
Jorm of the Red Hat Security Response Team.
All users of Red Hat OpenShift Enterprise 2.0 are advised to upgrade to
this updated package, which corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated activemq package that fixes multiple security issues is now\navailable for Red Hat OpenShift Enterprise 2.0.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Apache ActiveMQ provides a SOA infrastructure to connect processes across\nheterogeneous systems.\n\nA flaw was found in Apache Camel\u0027s parsing of the FILE_NAME header.\nA remote attacker able to submit messages to a Camel route, which would\nwrite the provided message to a file, could provide expression language\n(EL) expressions in the FILE_NAME header, which would be evaluated on the\nserver. This could lead to arbitrary remote code execution in the context\nof the Camel server process. (CVE-2013-4330)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. A remote attacker able to submit messages to\na Camel route could use this flaw to perform arbitrary remote code\nexecution in the context of the Camel server process. (CVE-2014-0003)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. The patch for this flaw disables external entity\nprocessing by default, and provides a configuration directive to re-enable\nit. (CVE-2013-4152)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nThe CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat\nProduct Security Team, and the CVE-2014-0003 issue was discovered by David\nJorm of the Red Hat Security Response Team.\n\nAll users of Red Hat OpenShift Enterprise 2.0 are advised to upgrade to\nthis updated package, which corrects these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0245", "url": "https://access.redhat.com/errata/RHSA-2014:0245" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "1011726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011726" }, { "category": "external", "summary": "1049692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049692" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0245.json" } ], "title": "Red Hat Security Advisory: activemq security update", "tracking": { "current_release_date": "2024-11-22T07:38:57+00:00", "generator": { "date": "2024-11-22T07:38:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2014:0245", "initial_release_date": "2014-03-03T18:25:38+00:00", "revision_history": [ { "date": "2014-03-03T18:25:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-03-03T18:25:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T07:38:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOSE Infrastructure 2.0", "product": { "name": "RHOSE Infrastructure 2.0", "product_id": "6Server-RHOSE-INFRA-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:2.0::el6" } } }, { "category": "product_name", "name": "RHOSE Node 2.0", "product": { "name": "RHOSE Node 2.0", "product_id": "6Server-RHOSE-NODE-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:2.0::el6" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "product": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "product_id": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328.el6op?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "product": { "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_id": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/activemq-client@5.9.0-4.redhat.610328.el6op?arch=x86_64" } } }, { "category": "product_version", "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "product": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_id": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328.el6op?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src as a component of RHOSE Infrastructure 2.0", "product_id": "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "relates_to_product_reference": "6Server-RHOSE-INFRA-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of RHOSE Infrastructure 2.0", "product_id": "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of RHOSE Infrastructure 2.0", "product_id": "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-INFRA-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.src as a component of RHOSE Node 2.0", "product_id": "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.src", "relates_to_product_reference": "6Server-RHOSE-NODE-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of RHOSE Node 2.0", "product_id": "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64 as a component of RHOSE Node 2.0", "product_id": "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" }, "product_reference": "activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "relates_to_product_reference": "6Server-RHOSE-NODE-2.0" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-2035", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "958618" } ], "notes": [ { "category": "description", "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2035" }, { "category": "external", "summary": "RHBZ#958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035" } ], "release_date": "2013-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-03T18:25:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0245" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution" }, { "cve": "CVE-2013-4152", "discovery_date": "2013-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1000186" } ], "notes": [ { "category": "description", "text": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: XML External Entity (XXE) injection flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4152" }, { "category": "external", "summary": "RHBZ#1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4152", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4152" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-4152", "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "category": "external", "summary": "https://github.com/SpringSource/spring-framework/pull/317", "url": "https://github.com/SpringSource/spring-framework/pull/317" }, { "category": "external", "summary": "https://jira.springsource.org/browse/SPR-10806", "url": "https://jira.springsource.org/browse/SPR-10806" } ], "release_date": "2013-08-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-03T18:25:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0245" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: XML External Entity (XXE) injection flaw" }, { "cve": "CVE-2013-4330", "discovery_date": "2013-09-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1011726" } ], "notes": [ { "category": "description", "text": "Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including \"$simple{}\" in a CamelFileName message header to a (1) FILE or (2) FTP producer.", "title": "Vulnerability description" }, { "category": "summary", "text": "Camel: remote code execution via header field manipulation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4330" }, { "category": "external", "summary": "RHBZ#1011726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011726" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4330", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4330" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4330", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4330" } ], "release_date": "2013-09-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-03T18:25:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0245" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Camel: remote code execution via header field manipulation" }, { "acknowledgments": [ { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0003", "discovery_date": "2014-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1049692" } ], "notes": [ { "category": "description", "text": "The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.", "title": "Vulnerability description" }, { "category": "summary", "text": "Camel: remote code execution via XSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0003" }, { "category": "external", "summary": "RHBZ#1049692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049692" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0003", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0003" }, { "category": "external", "summary": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc", "url": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc" } ], "release_date": "2014-02-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-03-03T18:25:38+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0245" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-INFRA-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-INFRA-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.src", "6Server-RHOSE-NODE-2.0:activemq-0:5.9.0-4.redhat.610328.el6op.x86_64", "6Server-RHOSE-NODE-2.0:activemq-client-0:5.9.0-4.redhat.610328.el6op.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Camel: remote code execution via XSL" } ] }
rhsa-2014_0400
Vulnerability from csaf_redhat
Published
2014-04-14 13:46
Modified
2024-11-22 08:11
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse 6.1.0 update
Notes
Topic
Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several
bugs, and adds various enhancements, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat
JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to
the Release Notes document, available from the link in the References
section, for a list of changes.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,
flexible, open source enterprise service bus and integration platform.
Security fixes:
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially crafted XML signature block. (CVE-2013-2172)
A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle
attacker could possibly use this flaw to unilaterally disable bidirectional
authentication between a client and a server, forcing a downgrade to simple
(unidirectional) authentication. This flaw only affected users who have
enabled Hadoop's Kerberos security features. (CVE-2013-2192)
It was discovered that the Spring OXM wrapper did not expose any property
for disabling entity resolution when using the JAXB unmarshaller. A remote
attacker could use this flaw to conduct XML External Entity (XXE) attacks
on web sites, and read files in the context of the user running the
application server. (CVE-2013-4152)
It was discovered that the Apache Santuario XML Security for Java project
allowed Document Type Definitions (DTDs) to be processed when applying
Transforms even when secure validation was enabled. A remote attacker could
use this flaw to exhaust all available memory on the system, causing a
denial of service. (CVE-2013-4517)
It was found that the Spring MVC SourceHttpMessageConverter enabled entity
resolution by default. A remote attacker could use this flaw to conduct XXE
attacks on web sites, and read files in the context of the user running the
application server. (CVE-2013-6429)
The Spring JavaScript escape method insufficiently escaped some characters.
Applications using this method to escape user-supplied content, which would
be rendered in HTML5 documents, could be exposed to cross-site scripting
(XSS) flaws. (CVE-2013-6430)
A denial of service flaw was found in the way Apache Commons FileUpload
handled small-sized buffers used by MultipartStream. A remote attacker
could use this flaw to create a malformed Content-Type header for a
multipart request, causing Apache Commons FileUpload to enter an infinite
loop when processing such an incoming request. (CVE-2014-0050)
It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues
in Spring were incomplete. Spring MVC processed user-provided XML and
neither disabled XML external entities nor provided an option to disable
them, possibly allowing a remote attacker to conduct XXE attacks.
(CVE-2014-0054)
A cross-site scripting (XSS) flaw was found in the Spring Framework when
using Spring MVC. When the action was not specified in a Spring form, the
action field would be populated with the requested URI, allowing an
attacker to inject malicious content into the form. (CVE-2014-1904)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp when the native libraries were bundled in a JAR file, and no custom
library path was specified. A local attacker could overwrite these native
libraries with malicious versions during the window between when HawtJNI
writes them and when they are executed. (CVE-2013-2035)
An information disclosure flaw was found in the way Apache Zookeeper stored
the password of an administrative user in the log files. A local user with
access to these log files could use the exposed sensitive information to
gain administrative access to an application using Apache Zookeeper.
(CVE-2014-0085)
The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and
Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035
issue was discovered by Florian Weimer of the Red Hat Product Security
Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of
Red Hat.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nRed Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat\nJBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform.\n\nSecurity fixes:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. (CVE-2013-4152)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. (CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters.\nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing Apache Commons FileUpload to enter an infinite\nloop when processing such an incoming request. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks.\n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper.\n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0400", "url": "https://access.redhat.com/errata/RHSA-2014:0400" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/", "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/" }, { "category": "external", "summary": "958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "999263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263" }, { "category": "external", "summary": "1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "1001326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326" }, { "category": "external", "summary": "1039783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039783" }, { "category": "external", "summary": "1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "1053290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053290" }, { "category": "external", "summary": "1062337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337" }, { "category": "external", "summary": "1067265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067265" }, { "category": "external", "summary": "1075296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075296" }, { "category": "external", "summary": "1075328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075328" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0400.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Fuse 6.1.0 update", "tracking": { "current_release_date": "2024-11-22T08:11:58+00:00", "generator": { "date": "2024-11-22T08:11:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2014:0400", "initial_release_date": "2014-04-14T13:46:50+00:00", "revision_history": [ { "date": "2014-04-14T13:46:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-04-14T14:27:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T08:11:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Fuse 6.1", "product": { "name": "Red Hat JBoss Fuse 6.1", "product_id": "Red Hat JBoss Fuse 6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse:6.1.0" } } } ], "category": "product_family", "name": "Fuse Enterprise Middleware" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-1624", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2013-02-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "908428" } ], "notes": [ { "category": "description", "text": "It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.", "title": "Vulnerability description" }, { "category": "summary", "text": "bouncycastle: TLS CBC padding timing attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-1624" }, { "category": "external", "summary": "RHBZ#908428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=908428" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-1624", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1624" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1624", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1624" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/", "url": "http://www.isg.rhul.ac.uk/tls/" }, { "category": "external", "summary": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" } ], "release_date": "2013-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bouncycastle: TLS CBC padding timing attack" }, { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-2035", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "958618" } ], "notes": [ { "category": "description", "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2035" }, { "category": "external", "summary": "RHBZ#958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035" } ], "release_date": "2013-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution" }, { "cve": "CVE-2013-2172", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "discovery_date": "2013-08-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "999263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML signature spoofing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2172" }, { "category": "external", "summary": "RHBZ#999263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=999263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2172", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2172" }, { "category": "external", "summary": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc", "url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc" } ], "release_date": "2013-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML signature spoofing" }, { "cve": "CVE-2013-2192", "discovery_date": "2013-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1001326" } ], "notes": [ { "category": "description", "text": "The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "hadoop: man-in-the-middle vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2192" }, { "category": "external", "summary": "RHBZ#1001326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2192", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2192" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192" } ], "release_date": "2013-08-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hadoop: man-in-the-middle vulnerability" }, { "cve": "CVE-2013-4152", "discovery_date": "2013-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1000186" } ], "notes": [ { "category": "description", "text": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: XML External Entity (XXE) injection flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4152" }, { "category": "external", "summary": "RHBZ#1000186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000186" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4152", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4152" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-4152", "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "category": "external", "summary": "https://github.com/SpringSource/spring-framework/pull/317", "url": "https://github.com/SpringSource/spring-framework/pull/317" }, { "category": "external", "summary": "https://jira.springsource.org/browse/SPR-10806", "url": "https://jira.springsource.org/browse/SPR-10806" } ], "release_date": "2013-08-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: XML External Entity (XXE) injection flaw" }, { "cve": "CVE-2013-4517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1045257" } ], "notes": [ { "category": "description", "text": "It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: Java XML Signature DoS Attack", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4, Fuse Mediation Router 2.7, 2.8 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nFuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nRed Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4; Red Hat JBoss Enterprise Data Services Platform 5; Red Hat JBoss Enterprise Portal Platform 4 and 5; and Red Hat JBoss Enterprise SOA Platform 4 and 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4517" }, { "category": "external", "summary": "RHBZ#1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4517", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517" } ], "release_date": "2013-11-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: Java XML Signature DoS Attack" }, { "cve": "CVE-2013-6429", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2014-01-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1053290" } ], "notes": [ { "category": "description", "text": "The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: XML External Entity (XXE) injection flaw", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6429" }, { "category": "external", "summary": "RHBZ#1053290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053290" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6429", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6429" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6429", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6429" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-6429", "url": "http://www.gopivotal.com/security/cve-2013-6429" } ], "release_date": "2014-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: XML External Entity (XXE) injection flaw" }, { "acknowledgments": [ { "names": [ "Jon Passki" ], "organization": "Coverity SRL" }, { "names": [ "Arun Neelicattu" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6430", "discovery_date": "2013-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1039783" } ], "notes": [ { "category": "description", "text": "The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6430" }, { "category": "external", "summary": "RHBZ#1039783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6430", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6430" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6430", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6430" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2013-6430", "url": "http://www.gopivotal.com/security/cve-2013-6430" } ], "release_date": "2014-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters" }, { "cve": "CVE-2014-0050", "discovery_date": "2014-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1062337" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0050" }, { "category": "external", "summary": "RHBZ#1062337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0050", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0050" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050" } ], "release_date": "2014-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream" }, { "cve": "CVE-2014-0054", "discovery_date": "2014-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1075328" } ], "notes": [ { "category": "description", "text": "The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. OpenShift Enterprise 1 is currently in the Production 1 phase of its lifecycle, as such this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle: https://access.redhat.com/site/support/policy/updates/openshift page.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0054" }, { "category": "external", "summary": "RHBZ#1075328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075328" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0054", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0054" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0054", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0054" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2014-0054", "url": "http://www.gopivotal.com/security/cve-2014-0054" } ], "release_date": "2014-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429" }, { "acknowledgments": [ { "names": [ "Graeme Colman" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0085", "cwe": { "id": "CWE-522", "name": "Insufficiently Protected Credentials" }, "discovery_date": "2014-02-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1067265" } ], "notes": [ { "category": "description", "text": "JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. This issue is a vulnerability in JBoss Fuse\u0027s usage of Apache Zookeeper, not in Zookeeper itself as was previously stated.", "title": "Vulnerability description" }, { "category": "summary", "text": "Fuse: admin user cleartext password appears in logging", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects Apache Zookeeper in conjunction with Fuse Fabric. Fuse Fabric was storing cleartext passwords, which would appear as cleartext in Apache Zookeeper\u0027s log files. Fuse Fabric now encrypts passwords by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0085" }, { "category": "external", "summary": "RHBZ#1067265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067265" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0085" } ], "release_date": "2014-04-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Fuse: admin user cleartext password appears in logging" }, { "cve": "CVE-2014-1904", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2014-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1075296" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.", "title": "Vulnerability description" }, { "category": "summary", "text": "Framework: cross-site scripting flaw when using Spring MVC", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. OpenShift Enterprise 1 is currently in the Production 1 phase of its lifecycle, as such this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle: https://access.redhat.com/site/support/policy/updates/openshift page.\n\nFuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-1904" }, { "category": "external", "summary": "RHBZ#1075296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-1904", "url": "https://www.cve.org/CVERecord?id=CVE-2014-1904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1904" }, { "category": "external", "summary": "http://www.gopivotal.com/security/cve-2014-1904", "url": "http://www.gopivotal.com/security/cve-2014-1904" } ], "release_date": "2014-02-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Framework: cross-site scripting flaw when using Spring MVC" }, { "cve": "CVE-2014-3584", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2014-10-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1157330" } ], "notes": [ { "category": "description", "text": "The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.", "title": "Vulnerability description" }, { "category": "summary", "text": "CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect Apache CXF as shipped with Red Hat JBoss Enterprise Application Platform 5 and 6; Red Hat JBoss Enterprise Web Platform 5; Red Hat JBoss SOA Platform 5; Red Hat JBoss Fuse Service Works 6; Red Hat JBoss BRMS 5 and 6; Red Hat JBoss BPM Suite 6; Red Hat JBoss Data Virtualization 6; Red Hat JBoss Operations Network 3 and Red Hat JBoss Portal Platform 6 as the REST Web Services endpoints are not available.\n\nFuse ESB Enterprise 7 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3584" }, { "category": "external", "summary": "RHBZ#1157330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3584", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3584" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3584", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3584" } ], "release_date": "2014-10-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-14T13:46:50+00:00", "details": "All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update.\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Red Hat JBoss Fuse 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0400" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens" } ] }
gsd-2013-4152
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2013-4152", "description": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "id": "GSD-2013-4152", "references": [ "https://www.debian.org/security/2014/dsa-2842", "https://access.redhat.com/errata/RHSA-2014:0401", "https://access.redhat.com/errata/RHSA-2014:0400", "https://access.redhat.com/errata/RHSA-2014:0254", "https://access.redhat.com/errata/RHSA-2014:0245", "https://access.redhat.com/errata/RHSA-2014:0212", "https://advisories.mageia.org/CVE-2013-4152.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2013-4152" ], "details": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "id": "GSD-2013-4152", "modified": "2023-12-13T01:22:16.860844Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/spring-projects/spring-framework/pull/317/files", "refsource": "CONFIRM", "url": "https://github.com/spring-projects/spring-framework/pull/317/files" }, { "name": "http://www.gopivotal.com/security/cve-2013-4152", "refsource": "CONFIRM", "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "name": "61951", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61951" }, { "name": "20131102 XXE Injection in Spring Framework", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Nov/14" }, { "name": "RHSA-2014:0254", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html" }, { "name": "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", "refsource": "BUGTRAQ", "url": "http://seclists.org/bugtraq/2013/Aug/154" }, { "name": "DSA-2842", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2842" }, { "name": "RHSA-2014:0212", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "name": "RHSA-2014:0400", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "name": "RHSA-2014:0245", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html" }, { "name": "57915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57915" }, { "name": "https://jira.springsource.org/browse/SPR-10806", "refsource": "CONFIRM", "url": "https://jira.springsource.org/browse/SPR-10806" }, { "name": "56247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56247" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[3.0.0.RELEASE,3.2.4.RELEASE),[4.0.0.RELEASE,4.0.1.RELEASE)", "affected_versions": "All versions starting from 3.0.0.RELEASE before 3.2.4.RELEASE, all versions starting from 4 before 4.0.1.RELEASE", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "cwe_ids": [ "CWE-1035", "CWE-264", "CWE-937" ], "date": "2016-11-28", "description": "The Spring OXM wrapper when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "fixed_versions": [ "3.2.4.RELEASE", "4.0.1.RELEASE" ], "identifier": "CVE-2013-4152", "identifiers": [ "CVE-2013-4152" ], "not_impacted": "All versions before 3.0.0.RELEASE, all versions starting from 3.2.4.RELEASE before 4.0.0.RELEASE, all versions starting from 4.0.1.RELEASE", "package_slug": "maven/org.springframework/spring-oxm", "pubdate": "2014-01-23", "solution": "Upgrade to versions 3.2.4.RELEASE, 4.0.1.RELEASE or above.", "title": "Improper Restriction of XML External Entity Reference", "urls": [ "http://www.gopivotal.com/security/cve-2013-4152", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4152" ], "uuid": "cd2f351b-40c4-4c72-aa2a-babb1e23b4d7" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.2.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0.m2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0.m1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:m1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:m4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:m3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:m2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:4.0.0:milestone1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:springsource:spring_framework:3.0.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4152" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "20130822 CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework", "refsource": "BUGTRAQ", "tags": [], "url": "http://seclists.org/bugtraq/2013/Aug/154" }, { "name": "http://www.gopivotal.com/security/cve-2013-4152", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://www.gopivotal.com/security/cve-2013-4152" }, { "name": "https://github.com/spring-projects/spring-framework/pull/317/files", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "https://github.com/spring-projects/spring-framework/pull/317/files" }, { "name": "DSA-2842", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2014/dsa-2842" }, { "name": "20131102 XXE Injection in Spring Framework", "refsource": "FULLDISC", "tags": [], "url": "http://seclists.org/fulldisclosure/2013/Nov/14" }, { "name": "https://jira.springsource.org/browse/SPR-10806", "refsource": "CONFIRM", "tags": [ "Exploit", "Patch" ], "url": "https://jira.springsource.org/browse/SPR-10806" }, { "name": "56247", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/56247" }, { "name": "RHSA-2014:0212", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "name": "RHSA-2014:0254", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html" }, { "name": "RHSA-2014:0245", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html" }, { "name": "RHSA-2014:0400", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "name": "57915", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/57915" }, { "name": "61951", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/61951" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2022-04-11T17:36Z", "publishedDate": "2014-01-23T21:55Z" } } }
ghsa-rp4p-g69r-438x
Vulnerability from github
Published
2022-05-13 01:02
Modified
2024-02-27 23:00
Summary
Cross-Site Request Forgery in Spring Framework
Details
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 3.2.3.RELEASE" }, "package": { "ecosystem": "Maven", "name": "org.springframework:spring-oxm" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.2.4.RELEASE" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2013-4152" ], "database_specific": { "cwe_ids": [ "CWE-352" ], "github_reviewed": true, "github_reviewed_at": "2022-07-08T19:18:09Z", "nvd_published_at": "2014-01-23T21:55:00Z", "severity": "MODERATE" }, "details": "The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.", "id": "GHSA-rp4p-g69r-438x", "modified": "2024-02-27T23:00:17Z", "published": "2022-05-13T01:02:38Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4152" }, { "type": "WEB", "url": "https://github.com/spring-projects/spring-framework/pull/317/files" }, { "type": "WEB", "url": "https://github.com/spring-projects/spring-framework/commit/434735fbf6e7f9051af2ef027657edb99120b173" }, { "type": "WEB", "url": "https://github.com/spring-projects/spring-framework/commit/7576274874deeccb6da6b09a8d5bd62e8b5538b7" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0245.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0254.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "type": "WEB", "url": "http://seclists.org/bugtraq/2013/Aug/154" }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2013/Nov/14" }, { "type": "WEB", "url": "http://www.debian.org/security/2014/dsa-2842" }, { "type": "WEB", "url": "http://www.gopivotal.com/security/cve-2013-4152" } ], "schema_version": "1.4.0", "severity": [], "summary": "Cross-Site Request Forgery in Spring Framework" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.